wow-utop-it-homepage

[auntiem]

I some how got WOW search ( Wow home page) on my computer. How can I tell if I deleted it all from my computer?

I read that's it's a browser hijacker. Can someone help please and tell me what to download and see if it's ALL OFF my computer.

Edited December 31, 2015 by auntiem

[caintry_boy]

Well, I'm not a Trusted Malware Tech, but you can start here by downloading and running AdwCleaner > http://www.bleepingcomputer.com/download/adwcleaner/Click the green "Download Now" button and save it to your desktop and run like this:

Right-Click AdwCleaner.exe and select Run
as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log
(AdwCleaner[sX].txt) will open. Briefly
check the log for anything you know to be
legitimate.
Ensure anything you know to be legitimate
does not have a checkmark, and click Clean.
Follow the prompts and allow your computer
to reboot.
After rebooting, a log (AdwCleaner[sX].txt)
will open. Copy the contents of the log
and paste in your next reply.

 

Also download and run Junkware Removal Tool > http://www.bleepingcomputer.com/download/junkware-removal-tool/click the green "Download Now" button and save it to your desktop. Run the program like this:

Shut down your protection software now to
avoid potential conflicts.
Run the tool by double-clicking it. If you
are using Windows Vista, 7, or 8; instead
of double-clicking, right-mouse click
JRT.exe and select "Run as Administrator".
The tool will open and start scanning your
system.
Please be patient as this can take a while
to complete depending on your system's
specifications.
On completion, a log (JRT.txt) is saved to
your desktop and will automatically open.
Post the contents of JRT.txt into your
next message.

 

Start there and one of the Malware Tech's will be around to give further instructions.

 

 

 

 

 

[auntiem]

Thank you

caintry_boy for your fast reply. Will do the things you said to do, and thanks again.

[auntiem]

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 23:26:41
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [server]
# Operating system : Windows 10 Home (x64)
# Username : Evelyn - EVELYN-PC
# Running from : C:\Users\Evelyn\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder Deleted : C:\Users\Evelyn\AppData\Roaming\System Healer

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=viewpoint+forum&form=WNSGPH&qs=PA&cvid=4676b37cde024e8381a20fad3150c997&pq=view%20point&sbts=1438813072987&nclid=xbfcJVGAF0MyhhpldpXXFA%3D%3D&ts=1438813072987
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\powerdvd.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\powerdvd.en.softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
[-] [C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2679 bytes] ##########

[auntiem]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Evelyn (Administrator) on Wed 12/30/2015 at 23:43:10.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/30/2015 at 23:49:02.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Satchfan]

Hello auntiem and welcome to the The Pit.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

• please follow all instructions in the order posted
• please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
• all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
• if you don't understand something, please don't hesitate to ask for clarification before proceeding
• the fixes are specific to your problem and should only be used for this issue on this machine.
• please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

The scans that caintry_boy got you to run got rid of some stuff but we need to run a scan that will give me more details of what the current situation is.


Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• press Scan button
• it will produce a log called Frst.txt in the same directory the tool is run from
• please copy and paste log back here.
• the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt

Thanks

Satchfan

 

[auntiem]

Satchfan,

Thank you for your fast response, and for your help. Below is the Frst.txt and Addition.txt you asked for.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Evelyn (administrator) on EVELYN-PC (31-12-2015 14:47:58)
Running from C:\Users\Evelyn\Desktop
Loaded Profiles: Evelyn (Available Profiles: Evelyn)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
( ) C:\Windows\System32\lxeccoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
() C:\Users\Evelyn\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Evelyn\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9135984 2015-11-24] (Emsisoft Ltd)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Run: [Dashlane] => C:\Users\Evelyn\AppData\Roaming\Dashlane\Dashlane.exe [227712 2015-12-07] ()
HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Run: [DashlanePlugin] => C:\Users\Evelyn\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2015-12-07] ()
HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{287b51e9-cadb-44ff-afc0-7846e0875a27}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Evelyn\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2015-12-07] (Dashlane)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Dashlane - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\Extensions\[email protected] [2015-12-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-10]
CHR Extension: (Google Docs) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-10]
CHR Extension: (Google Drive) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Dashlane) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-11-30]
CHR Extension: (Google Sheets) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-10]
CHR Extension: (Gmail) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-10]

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Evelyn (2015-12-31 14:58:14)
Running from C:\Users\Evelyn\Desktop
Windows 10 Home (X64) (2015-11-30 15:48:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3674350177-2331041835-1869989430-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3674350177-2331041835-1869989430-503 - Limited - Disabled)
Evelyn (S-1-5-21-3674350177-2331041835-1869989430-1000 - Administrator - Enabled) => C:\Users\Evelyn
Guest (S-1-5-21-3674350177-2331041835-1869989430-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3674350177-2331041835-1869989430-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\...\Dashlane) (Version: 3.6.0.97092 - Dashlane SAS)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SP45990 - Wallpaper Picture Position Enabler for Windows 7 (HKLM-x32\...\{86391634-A94B-4355-8397-3D85C2F942DA}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3674350177-2331041835-1869989430-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Evelyn\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {090E4D9B-253C-4965-A043-AC0118017010} - System32\Tasks\{2D570583-D660-4817-BDFA-70DE626ED63B} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1B5526DA-80F0-43D2-B94D-A44A459EED86} - System32\Tasks\SUPERAntiSpyware Scheduled Task fa65f2c0-ca47-49e0-8d22-e8b6af1bf0bb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {214EC0DC-0593-468F-8BC7-2FDEEB3A0375} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-12] (Microsoft Corporation)
Task: {220216E8-0DEF-401D-89E7-DFF28AD66052} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10] (Google Inc.)
Task: {4CF27C25-8BD9-4700-8EBC-F9C283434AEC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {9AB93F75-003E-460C-A8F0-B8695A0AA363} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {B0EA4761-CFFB-40A5-A5CE-CDBF7176C02C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B8D46003-B3E0-462C-B7BC-2E041A1CC8FB} - System32\Tasks\SUPERAntiSpyware Scheduled Task ba58ffec-463c-4c22-b12f-576ce6148278 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {C7F9F01E-B835-4525-AA21-ED65D727E9FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ba58ffec-463c-4c22-b12f-576ce6148278.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fa65f2c0-ca47-49e0-8d22-e8b6af1bf0bb.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD

==================== Loaded Modules (Whitelisted) ==============

2015-07-29 22:30 - 2009-11-04 12:18 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-02 23:21 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-02 23:21 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-27 16:20 - 2015-12-06 22:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-27 16:19 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-27 16:19 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-27 16:19 - 2015-12-06 23:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-12-27 16:20 - 2015-12-06 22:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-27 16:20 - 2015-12-06 22:34 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-27 16:20 - 2015-12-06 22:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-27 16:20 - 2015-12-06 22:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-29 22:28 - 2013-01-23 12:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2015-07-29 22:28 - 2013-01-23 12:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2015-07-30 01:38 - 2015-12-07 04:30 - 00227712 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\Dashlane.exe
2015-07-30 01:38 - 2015-12-07 04:30 - 00285568 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-12-16 23:59 - 2015-12-17 00:02 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-10 11:13 - 2015-12-10 11:17 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 11:13 - 2015-12-10 11:17 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 11:43 - 2015-11-20 11:44 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-29 16:59 - 2015-12-29 17:00 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-07-29 22:28 - 2010-04-01 11:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2015-07-29 22:28 - 2009-05-27 06:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2015-07-29 22:28 - 2010-04-01 11:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2015-07-29 22:28 - 2009-03-09 23:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2015-07-29 22:28 - 2010-04-05 04:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2015-07-29 22:28 - 2010-04-05 04:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2015-07-29 22:28 - 2010-04-05 04:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2015-07-29 22:28 - 2010-04-05 04:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2015-07-29 22:28 - 2010-04-05 04:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2015-07-29 22:28 - 2010-04-05 04:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2015-07-29 22:28 - 2010-04-05 04:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2015-07-29 22:28 - 2010-04-05 04:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2015-07-29 22:28 - 2009-04-07 13:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2015-07-29 22:28 - 2009-03-02 08:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 00343424 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 00423296 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 00446336 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 31325056 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 00276352 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 05866880 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 06901120 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 13324160 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 02136448 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.6.0.97092.dll
2015-12-07 04:29 - 2015-12-07 04:29 - 00338304 _____ () C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.6.0.97092.dll
2014-12-11 16:40 - 2014-12-11 16:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-16 23:59 - 2015-12-17 00:02 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-16 23:59 - 2015-12-17 00:02 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-29 22:29 - 2015-07-29 22:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3674350177-2331041835-1869989430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evelyn\Downloads\2015 Church picture of Fran Allie and Bella.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{FC91B2DA-48D7-4F07-AE65-46A8F4B97D74}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{3CA48A04-CD47-4FD7-9B9F-EE3270F1E63F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4EA47832-ECCA-4647-8B9F-027D818BCAC7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{3AE97769-E8FE-4096-A9EE-49365307BDE3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FFD5425B-D58B-42CF-9AE2-FF33BA9EA50F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5A36FF4F-1352-4601-9C26-5DC030F4DE2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E5E66AF-8B17-4721-8A56-37B862C2E6AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

12-12-2015 20:57:34 Windows Update
23-12-2015 17:41:24 Scheduled Checkpoint
28-12-2015 14:20:17 Windows Update
29-12-2015 21:40:10 Revo Uninstaller's restore point - Mozilla Firefox 43.0.1 (x86 en-US)
30-12-2015 23:43:14 JRT Pre-Junkware Removal
30-12-2015 23:51:32 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2015 02:38:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/31/2015 12:14:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/31/2015 12:49:24 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (1168) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Evelyn\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (12/31/2015 12:49:24 AM) (Source: ESENT) (EventID: 490) (User: )
Description: CCleaner64 (1168) testing: An attempt to open the file "C:\Users\Evelyn\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/30/2015 11:51:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 11:43:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 10:26:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 06:05:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 05:19:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 05:02:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EVELYN-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/31/2015 01:02:49 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/31/2015 12:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_235e3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/30/2015 11:30:52 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (12/30/2015 11:30:52 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (12/30/2015 11:30:48 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (12/30/2015 11:30:45 PM) (Source: DCOM) (EventID: 10016) (User: EVELYN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Evelyn-PCEvelynS-1-5-21-3674350177-2331041835-1869989430-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (12/30/2015 11:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxecCATSCustConnectService service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2015-12-30 18:06:10.914
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-29 18:22:38.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-28 14:35:55.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 17:07:39.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 11:03:45.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 12:04:47.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-03 10:34:48.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-30 21:56:22.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-30 10:37:25.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-30 10:34:48.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 68%
Total physical RAM: 3003.19 MB
Available physical RAM: 956.95 MB
Total Virtual: 3707.19 MB
Available Virtual: 1098.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.22 GB) (Free:389.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CBA410DA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Satchfan]

Happy New Year!!!


Your FRST.txt was incomplete and I’d like the rest of it but from what I have seen, there’s not too much of a problem so we’ll clear up was was in your log and then I’d like another look.

 

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
• run FRST64 then click Fix just once and wait
• it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

 

• on Windows Vista, 7/8, right-click Zoek.exe and select: Run as Administrator
• give it a few seconds to appear
• copy/paste the entire script inside the codebox below into the input field of Zoek:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b
  

• close any open programs.
• click the Run script button, and wait. It takes a few minutes to run.
• when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
• if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
zoek-results.log
Complete FRST.txt

Thanks

Satchfan

 

Edited January 1, 2016 by Satchfan

[auntiem]

Sorry ....but...I did too Clarify

ok you want me to run
Run Farbar Recovery Scan Tool again right?

and open notepad ( how do I do this?) and copy and paste what you put in it.

 

save the files as fixlist.txt ( is this from the Farbar recovery Scan tool?

 

Sorry...I'm sure you explained it right, but I'm a blond...lol

[Satchfan]

You have followed what I asked you to do perfectly. The only thing was, that when you copied/pasted the FRST log into your post, for some reason it was only a part of it that was posted.

No problem. Please run Zoek and when I see the result I'll reply.

Satchfan

[Satchfan]

Having just re-read your post I realise that I misread your problem with the instructions; so, to clarify:

• open Notepad by holding down Windows key+R and in the dialogue box that appears type in “Notepad”
• when Notepad opens, copy/paste the following into it:
  
  

  ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
  EmptyTemp:
  

• save it as fixlist.txt and save it to your desktop, (the same location as FRST)
• open FRST64, then click Fix just once and wait
• it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Satchfan

 

[auntiem]

Sorry it took longer, Zoek deleted my Dashlane password manger and I had to reinstall it.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Evelyn (2016-01-02 20:59:49) Run:1
Running from C:\Users\Evelyn\Desktop
Loaded Profiles: Evelyn (Available Profiles: Evelyn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=100&s_chn2=zytDyE0C0EyDtB0ByCyEtB0BtB0EzzyC2RtBtDtCyDtCtBtCyBtBtByEzytAtBtBzyyD
EmptyTemp:
*****************

C:\Users\Evelyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk => Shortcut argument removed successfully.
EmptyTemp: => 384.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:01:00 ====

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Evelyn on Sat 01/02/2016 at 22:12:08.43.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Evelyn\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2016-01-03-030112.log 560 bytes

==== System Restore Info ======================

1/2/2016 10:14:07 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\Users\Evelyn\AppData\Local\ActiveSync deleted successfully
C:\Users\Evelyn\AppData\Local\NetworkTiles deleted successfully
C:\Users\Evelyn\AppData\Local\Skype deleted successfully
C:\Users\Evelyn\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\UpdaterLog.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default\jetpack deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\Dashlane.exe" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\DashlanePlugin.exe" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.6.0.97092.dll" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" deleted
"C:\Users\Evelyn\AppData\Roaming\Dashlane\3.6.0.97092\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default
- Dashlane - %ProfilePath%\extensions\[email protected]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\awq9scwc.default
70858ED7836E5C849D33576A84DC8CCF - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash
74CC642C7448B3EC4F925E8D76ADD2E7 - C:\Users\Evelyn\AppData\Roaming\PCPitstop\PC Matic Plugin\1.0.0.1\npPCMaticPlugin.1.0.0.1.dll - PC Matic Plugin


==== Chromium Look ======================

Dashlane - Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3674350177-2331041835-1869989430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_USERS\S-1-5-21-3674350177-2331041835-1869989430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_USERS\S-1-5-21-3674350177-2331041835-1869989430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86391634-A94B-4355-8397-3D85C2F942DA} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\43619368B49A55343879D3582C9F24AD deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Evelyn\AppData\Local\Mozilla\Firefox\Profiles\awq9scwc.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4781 folders=494 315816044 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Evelyn\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 01/02/2016 at 22:54:50.90 ======================

[Satchfan]

How is your computer now?

[auntiem]

thanks for the help, computer is working great. Have a good evening.

[Satchfan]

I would like one more scan with a program that everyone should have on their computer and if that’s clear I’ll send instructions to tidy up.

Download Malwarebytes-Anti-Malware

Click here.

• double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
• select the “Scan” tab at the top
• there are three scan types; choose Threat Scan, then click on Scan
• when the scan is complete, if no malicious items are found you can close the program
• if malicious items are found be sure that everything is checked and click Quarantine
• when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Satchfan

 

[Satchfan]

Hi auntiem

 

It has been a few days since I asked you to run the Malwarebytes scan.

 

Please send the results so that we can be sure all is clear and then I'll send instructions to tidy up the tools we've used.

 

Thanks

 

Satchfan

[auntiem]

Satchfan

Sorry it took me longer to response, lost the password to pcpitstop, and had to get a new one.

Below is what you asked for:

Quarantined these:PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop(1).exe, , [abed181f3960e84ebda33b140bf64ab6],
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop.exe, , [42560f289ffa1521362ab39cef12ed13],

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/9/2016
Scan Time: 2:21 PM
Logfile: threats.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.09.04
Rootkit Database: v2016.01.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Evelyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339006
Time Elapsed: 12 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop(1).exe, , [abed181f3960e84ebda33b140bf64ab6],
PUP.Optional.InstallCore, C:\Users\Evelyn\Downloads\Gimpshop.exe, , [42560f289ffa1521362ab39cef12ed13],

Physical Sectors: 0
(No malicious items detected)


(end)

[Satchfan]

Your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

• double click on adwcleaner.exe to run the tool
• click on Uninstall
• confirm with Yes.

===================================================

Download & run Delfix

• download Delfix from here to remove many of the tools we've used during the cleaning process.
• ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

o Create registry backup
o Purge system restore

• click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

green if it's safe
yellow for caution
red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransome. You can read more about this here.

• download CryptoPrevent
• save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
• you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
• you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
• click OK to continue and select your protection level. Go ahead and click OK.
• click the Apply button to set Default protection
• you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

======================

I also recommend that you read the following:

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

[Satchfan]

Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic re-opened, please contact a staff member with the address of the thread.