auntiem Posted December 31, 2015 (edited)

I somehow got WOW search (Wow home page) on my computer. How can I tell if I deleted it all from my computer? I read that it's a browser hijacker. Can someone help please and tell me what to download and see if it's ALL OFF my computer.
caintry_boy Posted December 31, 2015

Well, I'm not a Trusted Malware Tech, but you can start here by downloading and running AdwCleaner > http://www.bleepingcomputer.com/download/adwcleaner/

Click the green "Download Now" button and save it to your desktop and run like this:

- Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
- Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.

Also download and run Junkware Removal Tool > http://www.bleepingcomputer.com/download/junkware-removal-tool/

Click the green "Download Now" button and save it to your desktop. Run the program like this:

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Start there and one of the Malware Techs will be around to give further instructions.
auntiem (Author) Posted December 31, 2015

Thank you caintry_boy for your fast reply. Will do the things you said to do, and thanks again.
auntiem (Author) Posted December 31, 2015

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 23:26:41
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [server]
# Operating system : Windows 10 Home (x64)
# Username : Evelyn - EVELYN-PC
# Running from : C:\Users\Evelyn\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder Deleted : C:\Users\Evelyn\AppData\Roaming\System Healer

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=viewpoint+forum&form=WNSGPH&qs=PA&cvid=4676b37cde024e8381a20fad3150c997&pq=view%20point&sbts=1438813072987&nclid=xbfcJVGAF0MyhhpldpXXFA%3D%3D&ts=1438813072987
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\powerdvd.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\powerdvd.en.softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
[-] [C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2679 bytes] ##########
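An added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for an AdwCleaner v5 log like the one posted above. It groups entries by section and flags any that mention software the user knows to be legitimate, which is the review step described earlier in the thread. The sample log is abridged from the post above, and the known-good list (`Dashlane`, `Skype`) is an assumption for illustration.

```python
import re

# Section headers look like "***** [ Folders ] *****".
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Entry lines look like "[-] Folder Deleted : C:\...".
ENTRY_RE = re.compile(r"^\[(.)\] (.+)$")

# Abridged from the log in the thread; one entry per line, as the tool writes it.
SAMPLE_LOG = r"""
# AdwCleaner v5.027 - Logfile created 30/12/2015 at 23:26:41
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[-] Folder Deleted : C:\Users\Evelyn\AppData\Roaming\System Healer

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\System Healer

***** [ Web browsers ] *****

[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

*************************

:: "Tracing" keys removed
"""


def parse_adwcleaner_log(text):
    """Return (header, sections) for an AdwCleaner text log.

    header   -- dict built from the leading "# Key : value" lines
    sections -- dict mapping section name to a list of entry dicts
    """
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])  # empty sections are kept
            continue
        if current is None and line.startswith("# "):
            key, sep, value = line[2:].partition(" : ")
            if sep:
                header[key.strip()] = value.strip()
            else:
                header.setdefault("Banner", line[2:])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            action, _, target = m.group(2).partition(" : ")
            sections[current].append({
                "mark": m.group(1),
                "action": action.strip(),
                "target": target.strip(),
                "raw": line,
            })
    return header, sections


def flag_known_good(sections, known_good):
    """List entries that mention any name the user considers legitimate."""
    terms = [t.lower() for t in known_good]
    hits = []
    for name, entries in sections.items():
        for entry in entries:
            matched = [t for t in terms if t in entry["raw"].lower()]
            if matched:
                hits.append((name, matched, entry["raw"]))
    return hits


if __name__ == "__main__":
    header, sections = parse_adwcleaner_log(SAMPLE_LOG)
    # "Cleaning" means the listed items were already removed, not just found.
    print("Mode:", header.get("Option", "unknown"))
    for name, entries in sections.items():
        print(f"{name}: {len(entries)} item(s)")
    # Assumed known-good list; replace with software actually installed on purpose.
    for name, matched, raw in flag_known_good(sections, ["Dashlane", "Skype"]):
        print(f"REVIEW [{name}] matches {matched}: {raw}")
```

Run against the scan log before clicking Clean, the flagged lines are the ones to uncheck or look at more closely.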
auntiem (Author) Posted December 31, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Evelyn (Administrator) on Wed 12/30/2015 at 23:43:10.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/30/2015 at 23:49:02.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Satchfan Posted December 31, 2015

Hello auntiem and welcome to The Pit.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

- please follow all instructions in the order posted
- please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
- all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
- if you don't understand something, please don't hesitate to ask for clarification before proceeding
- the fixes are specific to your problem and should only be used for this issue on this machine.
- please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

The scans that caintry_boy got you to run got rid of some stuff but we need to run a scan that will give me more details of what the current situation is.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- press Scan button
- it will produce a log called Frst.txt in the same directory the tool is run from
- please copy and paste log back here.
- the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:
Frst.txt
Addition.txt

Thanks
Satchfan
auntiem (Author) Posted December 31, 2015

Satchfan, Thank you for your fast response, and for your help. Below is the Frst.txt and Addition.txt you asked for.
Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8Error: (12/31/2015 12:49:24 AM) (Source: ESENT) (EventID: 455) (User: )Description: CCleaner64 (1168) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Evelyn\AppData\Local\Microsoft\Windows\WebCache\V01.log.Error: (12/31/2015 12:49:24 AM) (Source: ESENT) (EventID: 490) (User: )Description: CCleaner64 (1168) testing: An attempt to open the file "C:\Users\Evelyn\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (12/30/2015 11:51:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..Error: (12/30/2015 11:43:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..Error: (12/30/2015 10:26:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (12/30/2015 06:05:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log 
for additional information.Error: (12/30/2015 05:19:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (12/30/2015 05:02:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.System errors:=============Error: (12/31/2015 01:02:49 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )Description: 4Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The User Data Access_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The User Data Storage_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Contact Data_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Sync Host_235e3 service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service.Error: (12/30/2015 11:30:52 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742Error: (12/30/2015 11:30:52 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742Error: (12/30/2015 11:30:48 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742Error: (12/30/2015 11:30:45 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742Error: (12/30/2015 11:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The lxecCATSCustConnectService service failed to start due to the following 
error:%%1053CodeIntegrity:=================================== Date: 2015-12-30 18:06:10.914 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-29 18:22:38.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-28 14:35:55.293 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-11 17:07:39.858 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-10 11:03:45.403 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-09 12:04:47.087 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-03 10:34:48.034 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 21:56:22.849 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-11-30 10:37:25.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-30 10:34:48.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHzPercentage of memory in use: 68%Total physical RAM: 3003.19 MBAvailable physical RAM: 956.95 MBTotal Virtual: 3707.19 MBAvailable Virtual: 1098.45 MB==================== Drives ================================Drive c: () (Fixed) (Total:453.22 GB) (Free:389.32 GB) NTFS ==>[system with boot components (obtained from drive)]Drive d: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 465.8 GB) (Disk ID: CBA410DA)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=453.2 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=450 MB) - (Type=27)Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================ Link to comment Share on other sites More sharing options...
Satchfan Posted January 1, 2016 (edited)

Happy New Year!!!

Your FRST.txt was incomplete and I’d like the rest of it but from what I have seen, there’s not too much of a problem so we’ll clear up what was in your log and then I’d like another look.

===================================================
Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

- save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
- run FRST64 then click Fix just once and wait
- it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================
Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

- on Windows Vista, 7/8, right-click Zoek.exe and select: Run as Administrator
- give it a few seconds to appear
- copy/paste the entire script inside the codebox below into the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

- close any open programs.
- click the Run script button, and wait. It takes a few minutes to run.
- when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
- if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:
- Fixlog.txt
- zoek-results.log
- Complete FRST.txt

Thanks
Satchfan

Edited January 1, 2016 by Satchfan
auntiem Posted January 1, 2016 Author

Sorry ....but...I did too. Clarify: ok, you want me to run "Run Farbar Recovery Scan Tool" again, right? And open notepad (how do I do this?) and copy and paste what you put in it. Save the files as fixlist.txt (is this from the Farbar Recovery Scan Tool?) Sorry...I'm sure you explained it right, but I'm a blond...lol
Satchfan Posted January 1, 2016

You have followed what I asked you to do perfectly. The only thing was, that when you copied/pasted the FRST log into your post, for some reason it was only a part of it that was posted.

No problem. Please run Zoek and when I see the result I'll reply.

Satchfan
Satchfan Posted January 2, 2016

Having just re-read your post I realise that I misread your problem with the instructions; so, to clarify:

- open Notepad by holding down Windows key+R and in the dialogue box that appears type in “Notepad”
- when Notepad opens, copy/paste the following into it:

ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
EmptyTemp:

- save it as fixlist.txt and save it to your desktop, (the same location as FRST)
- open FRST64, then click Fix just once and wait
- it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Satchfan
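The fixlist above targets a shortcut whose browser target has had a URL appended as an argument. As an added example (not part of the thread and not FRST's own code), this Python sketch parses `ShortcutWithArgument:` lines in the shape quoted in the thread and reports browser shortcuts that carry a URL. The browser list, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from urllib.parse import urlsplit, parse_qs

PREFIX = "ShortcutWithArgument:"
# Assumption: executables this check treats as browsers.
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe", "msedge.exe", "opera.exe"}
# Matches both live and defanged (hxxp) URLs inside the argument string.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)
# "<path to exe> (<publisher>)" where the path itself may contain "(x86)".
TARGET_RE = re.compile(r"^(?P<exe>.*?)(?:\s+\((?P<publisher>[^()]*)\))?$")

# Constructed sample. Line 1 follows the line quoted in the thread with the
# long s_chn2 parameter left out; lines 2-3 are invented; line 4 is a
# different fixlist directive that the parser must skip.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100
ShortcutWithArgument: C:\Users\Evelyn\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\notes\todo.txt
ShortcutWithArgument: C:\Users\Evelyn\Desktop\Private.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> -private-window
EmptyTemp:
"""


@dataclass
class Finding:
    shortcut: str
    target: str
    publisher: str
    arguments: str
    browser_target: bool
    host: str = ""
    params: dict = field(default_factory=dict)

    @property
    def suspicious(self) -> bool:
        # A browser shortcut that opens a fixed URL is the hijack pattern.
        return self.browser_target and bool(self.host)


def refang(url: str) -> str:
    """Turn hxxp:// or hxxps:// back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_line(line: str):
    """Parse one log line; return None for anything that is not a match."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = [p.strip() for p in line[len(PREFIX):].split(" -> ", 2)]
    if len(parts) != 3:
        return None
    shortcut, target_field, arguments = parts
    match = TARGET_RE.match(target_field)
    exe = match.group("exe")
    publisher = match.group("publisher") or ""
    is_browser = PureWindowsPath(exe).name.lower() in BROWSERS
    finding = Finding(shortcut, exe, publisher, arguments, is_browser)
    url = URL_RE.search(arguments)
    if url:
        split_url = urlsplit(refang(url.group(0)))
        finding.host = split_url.hostname or ""
        finding.params = {k: v[0] for k, v in parse_qs(split_url.query).items()}
    return finding


def triage(log_text: str):
    """All ShortcutWithArgument entries found in the text."""
    return [f for f in map(parse_line, log_text.splitlines()) if f is not None]


def hijack_candidates(log_text: str):
    """Only the entries where a browser is started with a URL argument."""
    return [f for f in triage(log_text) if f.suspicious]


if __name__ == "__main__":
    for f in hijack_candidates(SAMPLE_LOG):
        name = PureWindowsPath(f.shortcut).name
        print(f"{name}: {PureWindowsPath(f.target).name} opens {f.host} {f.params}")
```

Shortcuts that pass a file path or a command-line switch are listed by `triage` but not flagged, so the output stays limited to the pattern the fixlist removes.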
auntiem Posted January 3, 2016 Author

Sorry it took longer, Zoek deleted my Dashlane password manager and I had to reinstall it.

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Evelyn (2016-01-02 20:59:49) Run:1
Running from C:\Users\Evelyn\Desktop
Loaded Profiles: Evelyn (Available Profiles: Evelyn)
Boot Mode: Normal
==============================================
fixlist content:
*****************
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
EmptyTemp:
*****************
C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk => Shortcut argument removed successfully.
EmptyTemp: => 384.1 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:01:00 ====

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Evelyn on Sat 01/02/2016 at 22:12:08.43.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Evelyn\Desktop\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2016-01-03-030112.log 560 bytes
==== System Restore Info ======================
1/2/2016 10:14:07 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~3\Comms deleted successfully
C:\Users\Evelyn\AppData\Local\ActiveSync deleted successfully
C:\Users\Evelyn\AppData\Local\NetworkTiles deleted successfully
C:\Users\Evelyn\AppData\Local\Skype deleted successfully
C:\Users\Evelyn\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
Satchfan Posted January 3, 2016

How is your computer now?
auntiem Posted January 5, 2016 Author

thanks for the help, computer is working great. Have a good evening.
Satchfan Posted January 5, 2016

I would like one more scan with a program that everyone should have on their computer and if that’s clear I’ll send instructions to tidy up.

Download Malwarebytes-Anti-Malware: Click here.

- double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
- select the “Scan” tab at the top
- there are three scan types; choose Threat Scan, then click on Scan
- when the scan is complete, if no malicious items are found you can close the program
- if malicious items are found be sure that everything is checked and click Quarantine
- when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Satchfan
Satchfan Posted January 8, 2016

Hi auntiem

It has been a few days since I asked you to run the Malwarebytes scan. Please send the results so that we can be sure all is clear and then I'll send instructions to tidy up the tools we've used.

Thanks
Satchfan
auntiem Posted January 9, 2016 Author

Satchfan

Sorry it took me longer to respond, lost the password to pcpitstop, and had to get a new one. Below is what you asked for:

Quarantined these:
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop(1).exe, , [abed181f3960e84ebda33b140bf64ab6],
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop.exe, , [42560f289ffa1521362ab39cef12ed13],

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/9/2016
Scan Time: 2:21 PM
Logfile: threats.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.09.04
Rootkit Database: v2016.01.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Evelyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339006
Time Elapsed: 12 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop(1).exe, , [abed181f3960e84ebda33b140bf64ab6],
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop.exe, , [42560f289ffa1521362ab39cef12ed13],

Physical Sectors: 0
(No malicious items detected)

(end)
Satchfan Posted January 9, 2016 Share Posted January 9, 2016 Your computer appears to be clean.Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:Uninstall AdwCleaner double click on adwcleaner.exe to run the tool click on Uninstall confirm with Yes. ===================================================Download & run Delfix download Delfix from here to remove many of the tools we've used during the cleaning process. ensure “Remove disinfection tools” is checked. Also place a checkmark next to: o Create registry backupo Purge system restore click the Run button.You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.===================================================Recommended programsSpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.======================Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.======================It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.======================Download WOTWeb of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. 
WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
green if it's safe
yellow for caution
red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

download CryptoPrevent
save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
you will then be prompted to learn more about automatic updates or if you want to purchase a key.
This is up to you but you don't have to
click OK to continue and select your protection level. Go ahead and click OK.
click the Apply button to set Default protection
you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

======================

I also recommend that you read the following:

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
Satchfan Posted January 11, 2016

Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic re-opened, please contact a staff member with the address of the thread.