Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Can't change homepage tried everything!!!

 
mgddebi
Newbie


Joined: 15 Sep 2015
Last Visit: 20 Sep 2015
Posts: 8

Posted: Tue Sep 15, 2015 5:02 pm    Post subject: Can't change homepage tried everything!!!

I have tried everything, can not change my homepage in Mozilla-Firefox40.3. Running W8.1 on 2yr old Toshiba laptop, always have yahoo default as homepage. For some reason "Safesear.ch" has taken over my homepage, can not change setting in Tools/Options/General to homepage yahoo... won't let me type anything! Dragging "yahoo" to homepage icon to set for homepage doesn't work either. Have run several malware removals, they always want money (don't have Product Key# was a gift used), also I run Windows Defender scans frequently, nothing seems to work! Have 50GB high speed internet, noticed PC slows way down when playing games or web browsing etc... Does this mean I have spyware problems or hijack homepage or what? Really want my homepage back & PC running normal again... Can ANYBODY please help me, been searching, reading & trying everything for over 6mos!?! I'd really appreciate it. Thank-you
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 16 Oct 2017
Posts: 10190
Location: Yorkshire

Posted: Tue Sep 15, 2015 9:31 pm


  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.

    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.


_________________
Gary R Administrator at Malware Removal University


mgddebi
Newbie


Joined: 15 Sep 2015
Last Visit: 20 Sep 2015
Posts: 8

Posted: Tue Sep 15, 2015 11:01 pm    Post subject: FRST.txt & Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by mgddebi (administrator) on MGDDEBI (15-09-2015 23:26:16)
Running from C:\Users\debbie\Downloads
Loaded Profiles: mgddebi (Available Profiles: mgddebi & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSS01A.EXE
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [] => [X]
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [DownloadManager] => c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe [872448 2015-03-16] ()
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [Google Update] => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-06-11] (Google Inc.)
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{70EF593D-BAB1-4017-BE24-4499C1E78EF6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{90126440-F676-42AB-A1EF-F0C412CD0AB8}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
SearchScopes: HKLM-x32 -> DefaultScope {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL =
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.safesear.ch/?type=20150516-vz-ie-sm

FireFox:
========
FF ProfilePath: C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxps://www.yahoo.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-22] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1730931851-2078629721-1247132686-1001: @tools.google.com/Google Update;version=3 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1730931851-2078629721-1247132686-1001: @tools.google.com/Google Update;version=9 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-05-16]
FF Extension: Autofill Forms - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi [2015-02-02]
FF Extension: New Tab by Yahoo - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6380792\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2015-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-02-02] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Brother XP spl Service; C:\WINDOWS\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-06] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:26 - 2015-09-15 23:27 - 00017122 _____ C:\Users\debbie\Downloads\FRST.txt
2015-09-15 23:25 - 2015-09-15 23:26 - 00000000 ____D C:\FRST
2015-09-15 23:24 - 2015-09-15 23:24 - 02191360 _____ (Farbar) C:\Users\debbie\Downloads\FRST64.exe
2015-09-15 20:51 - 2015-09-15 20:50 - 00000030 _____ C:\AVScanner.ini
2015-09-15 20:50 - 2015-09-15 20:50 - 00000000 ____D C:\ProgramData\McAfee
2015-09-15 20:25 - 2015-09-15 20:25 - 00017063 _____ C:\Users\debbie\Downloads\HGTV-Halloween_jack-o-lantern-mouths-tomkat-studio_s4x3.jpg.rend.hgtvcom.616.462.jpeg
2015-09-15 20:23 - 2015-09-15 20:23 - 00195956 _____ C:\Users\debbie\Downloads\original_Layla-Palmer-Halloween-Jack-O-Totem-Beauty_s3x4.jpg.rend.hgtvcom.1280.1707.jpeg
2015-09-15 20:21 - 2015-09-15 20:21 - 00183966 _____ C:\Users\debbie\Downloads\original_Halloween-Advanced-Tree_s3x4.jpg.rend.hgtvcom.1280.1707.jpeg
2015-09-15 20:18 - 2015-09-15 20:18 - 00022386 _____ C:\Users\debbie\Downloads\HGTV-Halloween_bat-clip-labels-tomkat-studio_s4x3.jpg.rend.hgtvcom.616.462.jpeg
2015-09-09 13:08 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 13:08 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 13:08 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 13:08 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 13:08 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 13:08 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 13:07 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:07 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:07 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:07 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:07 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:07 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:07 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:07 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:07 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:07 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:07 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:07 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:07 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:07 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:07 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:07 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:07 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:07 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:07 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:07 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:07 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:07 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:07 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:07 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:07 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:07 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:07 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:07 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:07 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:07 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:07 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:07 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:07 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 13:07 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 13:07 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 13:07 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 13:07 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 13:07 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 13:07 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 13:06 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 13:06 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 13:06 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 13:06 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 13:06 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 13:06 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 13:06 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 13:06 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 13:06 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 13:06 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 13:06 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 13:06 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 13:06 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 13:06 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 13:06 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 13:06 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 13:06 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 13:06 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 13:06 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 13:06 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 13:06 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-01 16:38 - 2015-09-01 16:38 - 00000000 ____D C:\Users\debbie\Downloads\New folder (2)
2015-08-29 03:49 - 2015-08-29 03:49 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Unity
2015-08-29 03:41 - 2015-08-29 04:28 - 00000000 ____D C:\Users\debbie\AppData\Local\Unity
2015-08-27 14:09 - 2015-08-27 14:09 - 31427680 _____ (A.I.SOFT,INC.) C:\Users\debbie\Downloads\Y14H_C2-hostm-B3(1).EXE
2015-08-27 11:23 - 2015-08-27 11:23 - 00000092 _____ C:\WINDOWS\brpcfx.ini
2015-08-27 11:23 - 2015-08-27 11:23 - 00000024 _____ C:\WINDOWS\Brpfx04a.ini
2015-08-27 11:19 - 2015-08-27 16:39 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2015-08-27 11:19 - 2015-08-27 11:19 - 00000000 ____D C:\ProgramData\PCFaxTx
2015-08-27 11:19 - 2012-12-12 11:37 - 00318464 ____N (Brother Industries, Ltd.) C:\WINDOWS\system32\BrFaxTxAppRun64.dll
2015-08-27 11:14 - 2015-08-27 11:15 - 00000000 ____D C:\Users\debbie\Downloads\install
2015-08-27 11:14 - 2015-08-27 11:14 - 150836528 _____ (A.I.SOFT,INC.) C:\Users\debbie\Downloads\MFC-J450DW-inst-A1-US3.EXE
2015-08-27 11:09 - 2015-08-27 11:09 - 00007819 _____ C:\WINDOWS\BROMJ450DW.INI
2015-08-27 11:09 - 2015-08-27 11:09 - 00000184 _____ C:\WINDOWS\SysWOW64\brsvc01a.bsi
2015-08-27 11:09 - 2015-08-27 11:09 - 00000055 _____ C:\WINDOWS\SysWOW64\brdmJ450DW.dat
2015-08-27 11:09 - 2015-08-27 11:09 - 00000030 _____ C:\WINDOWS\SysWOW64\brss01a.ini
2015-08-27 11:09 - 2002-04-12 00:00 - 00057344 _____ (brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSVC01A.EXE
2015-08-27 11:09 - 2001-12-13 00:01 - 00045056 _____ (brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSS01A.EXE
2015-08-27 11:04 - 2005-12-08 19:51 - 00000060 ____R C:\Program Files (x86)\BRINST.INI
2015-08-27 10:37 - 2015-08-27 10:37 - 00000000 ____D C:\Users\debbie\Downloads\32_64
2015-08-27 09:50 - 2015-08-27 09:50 - 00000000 ____D C:\Users\debbie\AppData\Roaming\java
2015-08-22 02:13 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-22 02:13 - 2015-07-13 12:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-22 02:13 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-22 02:13 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-21 13:19 - 2015-08-21 13:19 - 00000000 ____D C:\Users\debbie\AppData\Local\YSearchUtil
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Sun
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\.oracle_jre_usage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:25 - 2014-11-27 08:56 - 28695552 ___SH C:\Users\debbie\Downloads\Thumbs.db
2015-09-15 23:23 - 2014-12-09 16:02 - 00015800 _____ C:\WINDOWS\BRRBCOM.INI
2015-09-15 23:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-15 22:32 - 2014-12-05 16:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-15 21:31 - 2014-12-03 02:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1730931851-2078629721-1247132686-1001
2015-09-15 20:51 - 2014-12-04 10:43 - 00000000 ____D C:\Users\debbie\AppData\Local\Adobe
2015-09-15 20:50 - 2014-12-09 21:43 - 00003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F048D87-AA5E-483B-9E53-0A8E7FE453CE}
2015-09-15 20:39 - 2014-12-09 16:32 - 01811561 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-15 19:46 - 2014-12-09 16:42 - 00000000 ___DO C:\Users\debbie\OneDrive
2015-09-15 19:45 - 2013-08-22 07:46 - 00350938 _____ C:\WINDOWS\setupact.log
2015-09-15 19:45 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-15 19:45 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-15 19:30 - 2014-12-03 02:22 - 00000000 ____D C:\Users\debbie\AppData\Local\Packages
2015-09-15 19:30 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-15 19:17 - 2014-12-03 04:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-15 03:01 - 2014-11-27 09:08 - 00063561 ____H C:\Users\debbie\Downloads\.picasa.ini
2015-09-14 17:04 - 2014-12-09 16:11 - 00000000 ____D C:\Users\debbie
2015-09-12 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 18:46 - 2013-08-22 07:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 16:50 - 2014-09-23 23:53 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 16:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 13:35 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-04 18:32 - 2012-09-03 18:48 - 00000000 ____D C:\ProgramData\Toshiba
2015-09-03 13:41 - 2015-07-08 17:53 - 00000000 ____D C:\Users\debbie\Downloads\Documents\Attachments_201578
2015-09-03 13:37 - 2014-12-23 23:47 - 00000000 ____D C:\Users\debbie\Downloads\Documents\Fax
2015-09-01 03:34 - 2012-09-03 18:45 - 00000000 ____D C:\Program Files (x86)\Toshiba
2015-09-01 03:33 - 2012-09-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2015-08-28 09:22 - 2014-12-10 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 09:22 - 2014-09-24 00:03 - 00517684 _____ C:\WINDOWS\PFRO.log
2015-08-28 09:20 - 2015-02-02 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 11:18 - 2012-09-03 18:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-27 11:16 - 2014-12-09 16:02 - 00000000 ____D C:\ProgramData\Brother
2015-08-26 18:37 - 2014-12-03 04:17 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-23 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-22 02:23 - 2014-12-05 16:37 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-21 21:42 - 2015-04-25 03:58 - 00000000 ___HD C:\Users\debbie\Downloads\.picasaoriginals
2015-08-21 17:51 - 2015-08-13 12:12 - 00000000 ____D C:\Users\debbie\Downloads\Delphi Dream Shop_files
2015-08-21 13:19 - 2014-12-05 17:27 - 00000000 ____D C:\ProgramData\Oracle
2015-08-21 13:18 - 2014-12-05 16:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-21 13:17 - 2015-05-27 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-21 13:16 - 2015-05-27 10:24 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-21 07:23 - 2014-09-24 00:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-08-27 11:04 - 2005-12-08 19:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-07-22 03:12 - 2015-07-22 03:12 - 0003584 _____ () C:\Users\debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-11 02:56 - 2015-01-11 02:57 - 0001504 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll
C:\Users\debbie\AppData\Local\Temp\ytb.exe
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-09 13:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by mgddebi (2015-09-15 23:28:04)
Running from C:\Users\debbie\Downloads
Windows 8.1 (X64) (2014-12-09 23:35:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1730931851-2078629721-1247132686-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1730931851-2078629721-1247132686-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1730931851-2078629721-1247132686-1007 - Limited - Enabled)
mgddebi (S-1-5-21-1730931851-2078629721-1247132686-1001 - Administrator - Enabled) => C:\Users\debbie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.93 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Manager (HKLM-x32\...\{DE770034-8162-4F7C-A995-5EA734431FEC}) (Version: 1.26 - Neurotic Media)
Google Photos Backup (HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

15-09-2015 21:32:03 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-09-15 20:51 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0F3C91CD-049D-47A3-AFFD-AA034F10DBC0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {127B9E20-1676-47B9-B9AC-1C9FF3FB1DF6} - System32\Tasks\{034A7949-7BB8-4A35-8F36-459C786633A6} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsBing
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {232A1768-BEB4-49C1-B91D-278D4B080F87} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4AAE8B43-7E4C-4AB1-A0BD-0B5067AE2790} - System32\Tasks\NSManager_1417838623 => C:\Users\debbie\AppData\Local\NSManager\manager.exe
Task: {51363065-894F-41DB-804D-364378A3BA78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {52EF768A-7D82-44D1-807F-72038B0BF1CC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {83992DB0-F48F-435E-BEB3-D3BFFA9C951C} - System32\Tasks\{AD0FA031-6361-4D37-A765-C2183D59F126} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {83F077BA-7A7F-4D19-861F-290BFEA58BEF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-22] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CE4F77F5-6C99-419B-86F8-8DA4BC70B04A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {EE9E2344-BF25-4068-99D7-B34873724EED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F18C9078-E57B-47DA-8BBD-59326920928F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core1d0a41cd8374c0f.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core1d0bf5e3c2ce3cc.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\debbie\OneDrive:ms-properties
AlternateDataStreams: C:\Users\debbie\OneDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\debbie\Pictures\Picasa\Backgrounds\picasabackground-032.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMIRescue_60cd186a-6387-4292-9ccb-4f8a05f2af03 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "DownloadManager"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{91FF758A-0F17-4F32-8EE7-80E141D62EA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94B1D21C-93DB-4F0D-B6CB-D3AE03BC8EBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{43D55E9A-656F-490C-A6EF-D533B4B2520E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6CF96C21-D695-477B-AF65-3D186BE23105}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 07:49:37 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:49:37 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 07:42:04 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:42:04 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 07:17:34 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:17:34 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 05:10:09 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 05:10:09 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 04:41:41 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 04:41:41 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


System errors:
=============
Error: (09/15/2015 08:38:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/15/2015 04:30:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (09/15/2015 02:13:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:59:23 AM on ‎9/‎15/‎2015 was unexpected.

Error: (09/15/2015 07:20:35 AM) (Source: DCOM) (EventID: 10016) (User: MGDDEBI)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}mgddebimgddebiS-1-5-21-1730931851-2078629721-1247132686-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/15/2015 01:36:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/15/2015 12:45:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830).

Error: (09/14/2015 04:36:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:24:53 PM on ‎9/‎13/‎2015 was unexpected.

Error: (09/13/2015 09:57:30 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/13/2015 06:19:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830).

Error: (09/13/2015 06:16:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:51:02 AM on ‎9/‎13/‎2015 was unexpected.


CodeIntegrity:
===================================
Date: 2015-09-15 06:13:51.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:51.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:51.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:49.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:49.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:48.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:48.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 66%
Total physical RAM: 1930.22 MB
Available physical RAM: 637.86 MB
Total Virtual: 2698.22 MB
Available Virtual: 1056.81 MB

==================== Drives ================================

Drive c: (TI10653400C) (Fixed) (Total:287.2 GB) (Free:255 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Hello, I really didn't know how else to post this, hope this is alright. Can't wait to find out what's up. Thank you for helping me, waiting patiently!!!!
mgddebi
Newbie


Joined: 15 Sep 2015
Last Visit: 20 Sep 2015
Posts: 8

Posted: Tue Sep 15, 2015 11:02 pm    Post subject: FRST.txt & Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by mgddebi (administrator) on MGDDEBI (15-09-2015 23:26:16)
Running from C:\Users\debbie\Downloads
Loaded Profiles: mgddebi (Available Profiles: mgddebi & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSS01A.EXE
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [] => [X]
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [DownloadManager] => c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe [872448 2015-03-16] ()
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [Google Update] => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-06-11] (Google Inc.)
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{70EF593D-BAB1-4017-BE24-4499C1E78EF6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{90126440-F676-42AB-A1EF-F0C412CD0AB8}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
SearchScopes: HKLM-x32 -> DefaultScope {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL =
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.safesear.ch/?type=20150516-vz-ie-sm

FireFox:
========
FF ProfilePath: C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxps://www.yahoo.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-22] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1730931851-2078629721-1247132686-1001: @tools.google.com/Google Update;version=3 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1730931851-2078629721-1247132686-1001: @tools.google.com/Google Update;version=9 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-05-16]
FF Extension: Autofill Forms - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi [2015-02-02]
FF Extension: New Tab by Yahoo - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6380792\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2015-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-02-02] <==== ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Brother XP spl Service; C:\WINDOWS\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-06] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:26 - 2015-09-15 23:27 - 00017122 _____ C:\Users\debbie\Downloads\FRST.txt
2015-09-15 23:25 - 2015-09-15 23:26 - 00000000 ____D C:\FRST
2015-09-15 23:24 - 2015-09-15 23:24 - 02191360 _____ (Farbar) C:\Users\debbie\Downloads\FRST64.exe
2015-09-15 20:51 - 2015-09-15 20:50 - 00000030 _____ C:\AVScanner.ini
2015-09-15 20:50 - 2015-09-15 20:50 - 00000000 ____D C:\ProgramData\McAfee
2015-09-15 20:25 - 2015-09-15 20:25 - 00017063 _____ C:\Users\debbie\Downloads\HGTV-Halloween_jack-o-lantern-mouths-tomkat-studio_s4x3.jpg.rend.hgtvcom.616.462.jpeg
2015-09-15 20:23 - 2015-09-15 20:23 - 00195956 _____ C:\Users\debbie\Downloads\original_Layla-Palmer-Halloween-Jack-O-Totem-Beauty_s3x4.jpg.rend.hgtvcom.1280.1707.jpeg
2015-09-15 20:21 - 2015-09-15 20:21 - 00183966 _____ C:\Users\debbie\Downloads\original_Halloween-Advanced-Tree_s3x4.jpg.rend.hgtvcom.1280.1707.jpeg
2015-09-15 20:18 - 2015-09-15 20:18 - 00022386 _____ C:\Users\debbie\Downloads\HGTV-Halloween_bat-clip-labels-tomkat-studio_s4x3.jpg.rend.hgtvcom.616.462.jpeg
2015-09-09 13:08 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 13:08 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 13:08 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 13:08 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 13:08 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 13:08 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 13:08 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 13:08 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 13:07 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:07 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:07 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:07 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:07 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:07 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:07 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:07 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:07 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:07 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:07 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:07 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:07 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:07 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:07 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:07 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:07 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:07 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:07 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:07 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:07 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:07 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:07 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:07 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:07 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:07 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:07 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:07 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:07 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:07 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:07 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:07 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:07 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:07 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 13:07 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 13:07 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 13:07 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 13:07 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 13:07 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 13:07 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 13:06 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 13:06 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 13:06 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 13:06 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 13:06 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 13:06 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 13:06 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 13:06 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 13:06 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 13:06 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 13:06 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 13:06 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 13:06 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 13:06 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 13:06 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 13:06 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 13:06 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 13:06 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 13:06 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 13:06 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 13:06 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-01 16:38 - 2015-09-01 16:38 - 00000000 ____D C:\Users\debbie\Downloads\New folder (2)
2015-08-29 03:49 - 2015-08-29 03:49 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Unity
2015-08-29 03:41 - 2015-08-29 04:28 - 00000000 ____D C:\Users\debbie\AppData\Local\Unity
2015-08-27 14:09 - 2015-08-27 14:09 - 31427680 _____ (A.I.SOFT,INC.) C:\Users\debbie\Downloads\Y14H_C2-hostm-B3(1).EXE
2015-08-27 11:23 - 2015-08-27 11:23 - 00000092 _____ C:\WINDOWS\brpcfx.ini
2015-08-27 11:23 - 2015-08-27 11:23 - 00000024 _____ C:\WINDOWS\Brpfx04a.ini
2015-08-27 11:19 - 2015-08-27 16:39 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2015-08-27 11:19 - 2015-08-27 11:19 - 00000000 ____D C:\ProgramData\PCFaxTx
2015-08-27 11:19 - 2012-12-12 11:37 - 00318464 ____N (Brother Industries, Ltd.) C:\WINDOWS\system32\BrFaxTxAppRun64.dll
2015-08-27 11:14 - 2015-08-27 11:15 - 00000000 ____D C:\Users\debbie\Downloads\install
2015-08-27 11:14 - 2015-08-27 11:14 - 150836528 _____ (A.I.SOFT,INC.) C:\Users\debbie\Downloads\MFC-J450DW-inst-A1-US3.EXE
2015-08-27 11:09 - 2015-08-27 11:09 - 00007819 _____ C:\WINDOWS\BROMJ450DW.INI
2015-08-27 11:09 - 2015-08-27 11:09 - 00000184 _____ C:\WINDOWS\SysWOW64\brsvc01a.bsi
2015-08-27 11:09 - 2015-08-27 11:09 - 00000055 _____ C:\WINDOWS\SysWOW64\brdmJ450DW.dat
2015-08-27 11:09 - 2015-08-27 11:09 - 00000030 _____ C:\WINDOWS\SysWOW64\brss01a.ini
2015-08-27 11:09 - 2002-04-12 00:00 - 00057344 _____ (brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSVC01A.EXE
2015-08-27 11:09 - 2001-12-13 00:01 - 00045056 _____ (brother Industries Ltd) C:\WINDOWS\SysWOW64\BRSS01A.EXE
2015-08-27 11:04 - 2005-12-08 19:51 - 00000060 ____R C:\Program Files (x86)\BRINST.INI
2015-08-27 10:37 - 2015-08-27 10:37 - 00000000 ____D C:\Users\debbie\Downloads\32_64
2015-08-27 09:50 - 2015-08-27 09:50 - 00000000 ____D C:\Users\debbie\AppData\Roaming\java
2015-08-22 02:13 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-22 02:13 - 2015-07-13 12:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-22 02:13 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-22 02:13 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-21 13:19 - 2015-08-21 13:19 - 00000000 ____D C:\Users\debbie\AppData\Local\YSearchUtil
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Sun
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\.oracle_jre_usage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:25 - 2014-11-27 08:56 - 28695552 ___SH C:\Users\debbie\Downloads\Thumbs.db
2015-09-15 23:23 - 2014-12-09 16:02 - 00015800 _____ C:\WINDOWS\BRRBCOM.INI
2015-09-15 23:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-15 22:32 - 2014-12-05 16:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-15 21:31 - 2014-12-03 02:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1730931851-2078629721-1247132686-1001
2015-09-15 20:51 - 2014-12-04 10:43 - 00000000 ____D C:\Users\debbie\AppData\Local\Adobe
2015-09-15 20:50 - 2014-12-09 21:43 - 00003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F048D87-AA5E-483B-9E53-0A8E7FE453CE}
2015-09-15 20:39 - 2014-12-09 16:32 - 01811561 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-15 19:46 - 2014-12-09 16:42 - 00000000 ___DO C:\Users\debbie\OneDrive
2015-09-15 19:45 - 2013-08-22 07:46 - 00350938 _____ C:\WINDOWS\setupact.log
2015-09-15 19:45 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-15 19:45 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-15 19:30 - 2014-12-03 02:22 - 00000000 ____D C:\Users\debbie\AppData\Local\Packages
2015-09-15 19:30 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-15 19:17 - 2014-12-03 04:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-15 03:01 - 2014-11-27 09:08 - 00063561 ____H C:\Users\debbie\Downloads\.picasa.ini
2015-09-14 17:04 - 2014-12-09 16:11 - 00000000 ____D C:\Users\debbie
2015-09-12 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 18:46 - 2013-08-22 07:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 16:50 - 2014-09-23 23:53 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 16:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 13:35 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-04 18:32 - 2012-09-03 18:48 - 00000000 ____D C:\ProgramData\Toshiba
2015-09-03 13:41 - 2015-07-08 17:53 - 00000000 ____D C:\Users\debbie\Downloads\Documents\Attachments_201578
2015-09-03 13:37 - 2014-12-23 23:47 - 00000000 ____D C:\Users\debbie\Downloads\Documents\Fax
2015-09-01 03:34 - 2012-09-03 18:45 - 00000000 ____D C:\Program Files (x86)\Toshiba
2015-09-01 03:33 - 2012-09-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2015-08-28 09:22 - 2014-12-10 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 09:22 - 2014-09-24 00:03 - 00517684 _____ C:\WINDOWS\PFRO.log
2015-08-28 09:20 - 2015-02-02 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 11:18 - 2012-09-03 18:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-27 11:16 - 2014-12-09 16:02 - 00000000 ____D C:\ProgramData\Brother
2015-08-26 18:37 - 2014-12-03 04:17 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-23 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-22 02:23 - 2014-12-05 16:37 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-21 21:42 - 2015-04-25 03:58 - 00000000 ___HD C:\Users\debbie\Downloads\.picasaoriginals
2015-08-21 17:51 - 2015-08-13 12:12 - 00000000 ____D C:\Users\debbie\Downloads\Delphi Dream Shop_files
2015-08-21 13:19 - 2014-12-05 17:27 - 00000000 ____D C:\ProgramData\Oracle
2015-08-21 13:18 - 2014-12-05 16:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-21 13:17 - 2015-05-27 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-21 13:16 - 2015-05-27 10:24 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-21 07:23 - 2014-09-24 00:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-08-27 11:04 - 2005-12-08 19:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-07-22 03:12 - 2015-07-22 03:12 - 0003584 _____ () C:\Users\debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-11 02:56 - 2015-01-11 02:57 - 0001504 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll
C:\Users\debbie\AppData\Local\Temp\ytb.exe
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-09 13:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by mgddebi (2015-09-15 23:28:04)
Running from C:\Users\debbie\Downloads
Windows 8.1 (X64) (2014-12-09 23:35:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1730931851-2078629721-1247132686-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1730931851-2078629721-1247132686-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1730931851-2078629721-1247132686-1007 - Limited - Enabled)
mgddebi (S-1-5-21-1730931851-2078629721-1247132686-1001 - Administrator - Enabled) => C:\Users\debbie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.93 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Manager (HKLM-x32\...\{DE770034-8162-4F7C-A995-5EA734431FEC}) (Version: 1.26 - Neurotic Media)
Google Photos Backup (HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\debbie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

15-09-2015 21:32:03 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-09-15 20:51 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0F3C91CD-049D-47A3-AFFD-AA034F10DBC0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {127B9E20-1676-47B9-B9AC-1C9FF3FB1DF6} - System32\Tasks\{034A7949-7BB8-4A35-8F36-459C786633A6} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsBing
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {232A1768-BEB4-49C1-B91D-278D4B080F87} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4AAE8B43-7E4C-4AB1-A0BD-0B5067AE2790} - System32\Tasks\NSManager_1417838623 => C:\Users\debbie\AppData\Local\NSManager\manager.exe
Task: {51363065-894F-41DB-804D-364378A3BA78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {52EF768A-7D82-44D1-807F-72038B0BF1CC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {83992DB0-F48F-435E-BEB3-D3BFFA9C951C} - System32\Tasks\{AD0FA031-6361-4D37-A765-C2183D59F126} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {83F077BA-7A7F-4D19-861F-290BFEA58BEF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-22] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CE4F77F5-6C99-419B-86F8-8DA4BC70B04A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {EE9E2344-BF25-4068-99D7-B34873724EED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F18C9078-E57B-47DA-8BBD-59326920928F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core1d0a41cd8374c0f.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1730931851-2078629721-1247132686-1001Core1d0bf5e3c2ce3cc.job => C:\Users\debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\debbie\OneDrive:ms-properties
AlternateDataStreams: C:\Users\debbie\OneDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\debbie\Pictures\Picasa\Backgrounds\picasabackground-032.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMIRescue_60cd186a-6387-4292-9ccb-4f8a05f2af03 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "DownloadManager"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{91FF758A-0F17-4F32-8EE7-80E141D62EA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94B1D21C-93DB-4F0D-B6CB-D3AE03BC8EBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{43D55E9A-656F-490C-A6EF-D533B4B2520E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6CF96C21-D695-477B-AF65-3D186BE23105}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 07:49:37 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:49:37 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 07:42:04 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:42:04 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 07:17:34 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 07:17:34 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 05:10:09 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 05:10:09 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (09/15/2015 04:41:41 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/15/2015 04:41:41 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


System errors:
=============
Error: (09/15/2015 08:38:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/15/2015 04:30:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (09/15/2015 02:13:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:59:23 AM on ‎9/‎15/‎2015 was unexpected.

Error: (09/15/2015 07:20:35 AM) (Source: DCOM) (EventID: 10016) (User: MGDDEBI)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}mgddebimgddebiS-1-5-21-1730931851-2078629721-1247132686-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/15/2015 01:36:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/15/2015 12:45:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830).

Error: (09/14/2015 04:36:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:24:53 PM on ‎9/‎13/‎2015 was unexpected.

Error: (09/13/2015 09:57:30 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (09/13/2015 06:19:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830).

Error: (09/13/2015 06:16:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:51:02 AM on ‎9/‎13/‎2015 was unexpected.


CodeIntegrity:
===================================
Date: 2015-09-15 06:13:51.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:51.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:51.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:50.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:49.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:49.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:48.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 03:41:48.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 66%
Total physical RAM: 1930.22 MB
Available physical RAM: 637.86 MB
Total Virtual: 2698.22 MB
Available Virtual: 1056.81 MB

==================== Drives ================================

Drive c: (TI10653400C) (Fixed) (Total:287.2 GB) (Free:255 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Hello, I really didn't know how else to post this, hope this is alright. Can't wait to find out what's up. Thank you for helping me, waiting patiently!!!!
Gary R

PostPosted: Wed Sep 16, 2015 6:14 am    Post subject: Reply with quote

OK, there are definite signs of infection in the logs you've supplied, but before we start cleaning them away, I'd like you to run one more scan for me which will give me a more complete picture of what needs to be removed.

Please download AdwCleaner and save it to your desktop.


  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.


AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND
_________________
Gary R Administrator at Malware Removal University


mgddebi

PostPosted: Wed Sep 16, 2015 1:12 pm    Post subject: C:AdwCleaner{R1}.txt Reply with quote

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 20:54:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# User : wiola - WIOLA
# Boot Mode : Safe mode with networking
# Running from : D:\Desktop\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\wiola\AppData\Local\AskToolbar
Folder Found : C:\Users\wiola\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\wiola\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\wiola\AppData\Roaming\Mozilla\Firefox\Profiles\vzyuhshc.default\extensions\staged
Folder Found : C:\Users\wiola\AppData\Roaming\Mozilla\Firefox\Profiles\vzyuhshc.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\FunWebProducts
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\wiola\AppData\Roaming\Mozilla\Firefox\Profiles\vzyuhshc.default\searchplugins\Askcom.xml
File Found : C:\Users\wiola\AppData\Roaming\Mozilla\Firefox\Profiles\vzyuhshc.default\searchplugins\mywebsearch.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\IEBarProperties
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.tangosearch.com/?useie5=1&q=
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZRxdm427YYPL&ptb=K3JP7e9MLgg6_PitgBM_Og
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.tangosearch.com/?useie5=1&q=

-\\ Mozilla Firefox v14.0.1 (pl)

Profile name : default
File : C:\Users\wiola\AppData\Roaming\Mozilla\Firefox\Profiles\vzyuhshc.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "EW");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYPL");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.questbrowser.com/?tmp=nemo_results[...]
Found : user_pref("extensions.asktb.first-launch-url", "hxxp://login.gadu-gadu.pl/prerd?oauth_consumer_key=3[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "06D5B334-BD46-47CC-BACB-B152952E6214");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "su");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1346082789892");
Found : user_pref("extensions.asktb.last-search-timestamp", "1344015376096");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.nero.userName", "");
Found : user_pref("extensions.asktb.o", "101913");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "2");
Found : user_pref("extensions.asktb.sa", "yes");
Found : user_pref("extensions.asktb.search-history-queries", "Aktywno[ znajomych z facebooka Kreacje aktore[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "2012-04-30 20:50:19");
Found : user_pref("extensions.asktb.v", "3.15.1.100013");
Found : user_pref("extensions.asktb.version", "5.15.1.22229");
Found : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.1.100013,{972ce4c6-7e08-4474-a285-320819[...]
Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.questbrowser.com/?tmp=nemo_results_remove[...]
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm427YYPL&ptn[...]

*************************

AdwCleaner[R1].txt - [8415 octets] - [29/08/2012 20:54:12]

########## EOF - C:\AdwCleaner[R1].txt - [8543 octets] ##########

Hello, hope this is what you need. I didn't read the bottom of your email, so I had clicked on Cleaning after the scan. I'm sorry, I hope I didn't mess things up! Please let me know, I'll be waiting to hear from you. Thanks so much again.

mgddebi

Posted: Wed Sep 16, 2015 1:23 pm    Post subject: oops

# AdwCleaner v5.007 - Logfile created 16/09/2015 at 13:57:43
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : mgddebi - MGDDEBI
# Running from : C:\Users\debbie\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\download Manager
[!] Folder Not Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\SAveruProo
[-] Folder Deleted : C:\Program Files (x86)\seaveronn
[-] Folder Deleted : C:\Program Files (x86)\shopnudrop
[-] Folder Deleted : C:\Program Files (x86)\wwEbsavveru
[-] Folder Deleted : C:\ProgramData\seaveronn
[-] Folder Deleted : C:\ProgramData\wwEbsavveru
[-] Folder Deleted : C:\ProgramData\13947845413952237832
[-] Folder Deleted : C:\ProgramData\c190b38150af3108
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\download Manager
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\debbie\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\debbie\AppData\Local\DownloadManager
[-] Folder Deleted : C:\Users\debbie\AppData\Local\YSearchUtil
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\globalUpdate
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\DownloadManager
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\YSearchUtil
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\globalUpdate
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\DownloadManager
[!] Folder Not Deleted : C:\Users\debbie\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[!] Folder Not Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
[-] Folder Deleted : C:\Users\debbie\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\debbie\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\debbie\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\debbie\Favorites\StumbleUpon
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
[-] Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datamngrCoordinator.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
[-] Data Restored : HKCU\Software\Policies\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Policies\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06033829-B5B4-44B6-87E9-51EE28EF3AC9}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15683 bytes] ##########

Wasn't too sure if this was the one or not, I'm still learning all this!

Gary R

Posted: Wed Sep 16, 2015 7:55 pm

I did ask you not to run the Clean option in ADWCleaner, but it seems you ran it all the same. On this occasion you were lucky and no real harm was done, but I must ask you to follow what I ask you to do more closely or next time we might not be so lucky.

All the instructions I give are done for a reason, even if that reason may not be immediately obvious to you, so please do what I ask you to do, and not what you might think I want you to do.

OK, stage 2 ...


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad. (don't include Code:)


Code:

C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [DownloadManager] => c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe [872448 2015-03-16] ()
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
SearchScopes: HKLM-x32 -> DefaultScope {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL =
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-05-16]
FF Extension: Autofill Forms - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi [2015-02-02]
FF Extension: New Tab by Yahoo - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6380792\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2015-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-02-02] <==== ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
2015-08-21 13:19 - 2015-08-21 13:19 - 00000000 ____D C:\Users\debbie\AppData\Local\YSearchUtil
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Sun
2015-01-11 02:56 - 2015-01-11 02:57 - 0001504 _____ () C:\ProgramData\tempimage.bmp
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll
C:\Users\debbie\AppData\Local\Temp\ytb.exe
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
C:\Program Files (x86)\Coupons
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
C:\Users\debbie\Favorites\StumbleUpon
[-HKCU\Software\Yahoo\Companion]
[-HKCU\Software\Yahoo\YFriendsBar]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\AppDataLow\Software\Yahoo\Companion]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
emptytemp:
hosts:
cmd: ipconfig /flushdns



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on Run ESET Online Scanner

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....

    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop

  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.


Summary of the logs I need from you in your next post:

  • Fixlog.txt
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University


mgddebi

Posted: Fri Sep 18, 2015 11:06 pm    Post subject: having problems

I'm sorry, I got the code copied, and when I clicked on Fix it said "no fixlist.txt found"! What am I doing wrong? Bear with me please & try to explain again! I really appreciate your help, I'm trying; like I said, I'm kinda new at all this. Sincerely, Debbie
Gary R

Posted: Sat Sep 19, 2015 8:03 am    Post subject:

OK, what you first need to do is open an empty Notepad file. To do that ...

Quote:

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.



Now what you need to do is copy the text from this box below (don't include the word code:)

Code:
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [DownloadManager] => c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe [872448 2015-03-16] ()
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
SearchScopes: HKLM-x32 -> DefaultScope {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL =
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-05-16]
FF Extension: Autofill Forms - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi [2015-02-02]
FF Extension: New Tab by Yahoo - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6380792\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2015-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-02-02] <==== ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
2015-08-21 13:19 - 2015-08-21 13:19 - 00000000 ____D C:\Users\debbie\AppData\Local\YSearchUtil
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Sun
2015-01-11 02:56 - 2015-01-11 02:57 - 0001504 _____ () C:\ProgramData\tempimage.bmp
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll
C:\Users\debbie\AppData\Local\Temp\ytb.exe
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
C:\Program Files (x86)\Coupons
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
C:\Users\debbie\Favorites\StumbleUpon
[-HKCU\Software\Yahoo\Companion]
[-HKCU\Software\Yahoo\YFriendsBar]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\AppDataLow\Software\Yahoo\Companion]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
emptytemp:
hosts:
cmd: ipconfig /flushdns


To do that ...

Quote:

  • Highlight all the text in the code box (if you don't know how to do that let me know)
  • Next hit Ctrl+C (press the Ctrl key and the C key together) which will copy the text you've highlighted.
  • Next click inside the open Notepad file and hit Ctrl+V which should paste the text you've just copied into Notepad.


Once you've verified that the text is present in the Notepad file, you need to save that file. To do that ...

Quote:

  • Click on File (in Notepad)
  • Click on Save
  • A save box will open.
  • Give the file the name fixlist.txt and save it to C:\Users\debbie\Downloads which is where you have FRST saved.


Once you've saved that file, you need to run FRST ...

Quote:
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log




Hope that makes sense to you.
_________________
Gary R Administrator at Malware Removal University


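The notice that the fixlist was written for one machine, and the "fixlist.txt not found" failure earlier in the thread, both come down to checks that can be made before pressing Fix. The sketch below is an added example, not part of the thread and not part of FRST: it extracts the account SIDs and `C:\Users\<name>` profile names a fixlist refers to, compares them with the local account, and checks that a file named exactly fixlist.txt sits in the FRST folder. The function names and the sample fixlist (placeholder SID and user name) are constructed for illustration.

```python
import re
from pathlib import Path

# Account SIDs as they appear in HKU\... lines of a fixlist.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
# Profile folder names in C:\Users\<name>\... paths.
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)", re.IGNORECASE)

# Constructed sample in the style of the fixlist in this thread.
# The SID and the user name are placeholders, not values from the thread.
SAMPLE_FIXLIST = r"""
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Example] => C:\Program Files (x86)\Example\example.exe
IFEO\example.exe: [Debugger] tasklist.exe
C:\Users\alice\AppData\Local\ExampleUpdater
[-HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Example]
emptytemp:
"""


def machine_specific_ids(fixlist_text):
    """Return (sids, profiles): the account SIDs and profile names in a fixlist."""
    sids = set(SID_RE.findall(fixlist_text))
    profiles = {name.lower() for name in PROFILE_RE.findall(fixlist_text)}
    return sids, profiles


def scope_mismatches(fixlist_text, local_sid, local_profile):
    """List identifiers in the fixlist that do not belong to the local account.

    local_sid is the SID of the logged-in account (on Windows, `whoami /user`
    prints it); local_profile is the folder name under C:\\Users.
    """
    sids, profiles = machine_specific_ids(fixlist_text)
    problems = [f"SID {sid} is not the local account"
                for sid in sorted(sids) if sid != local_sid]
    problems += [f"profile '{name}' is not the local profile"
                 for name in sorted(profiles) if name != local_profile.lower()]
    return problems


def fixlist_location_problem(frst_dir):
    """Return None if frst_dir holds fixlist.txt, else a hint about what is wrong.

    Names are compared case-insensitively, as Windows does.
    """
    names = [p.name for p in Path(frst_dir).iterdir() if p.is_file()]
    if any(name.lower() == "fixlist.txt" for name in names):
        return None
    # A doubled extension (fixlist.txt.txt) is a common slip when Explorer
    # hides known file extensions, so look for near misses before giving up.
    near = sorted(name for name in names if name.lower().startswith("fixlist"))
    if near:
        return f"found {near[0]!r}; rename it to fixlist.txt"
    return "no fixlist.txt in this folder; save it beside the FRST executable"


if __name__ == "__main__":
    # A fixlist written for another account: both identifiers are flagged.
    for problem in scope_mismatches(
            SAMPLE_FIXLIST,
            "S-1-5-21-4444444444-5555555555-6666666666-1001",  # placeholder
            "bob"):
        print("MISMATCH:", problem)
    # Check the current directory as if FRST had been saved there.
    print(fixlist_location_problem(".") or "fixlist.txt is in place")
```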
mgddebi

Posted: Sat Sep 19, 2015 8:08 pm    Post subject: Here it is

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by mgddebi (2015-09-19 20:57:03) Run:1
Running from C:\Users\debbie\Downloads
Loaded Profiles: mgddebi (Available Profiles: mgddebi & Administrator & Guest)
Boot Mode: Normal
==============================================

This is what I did today, let me know what's up. Your instructions are easy... Thank-you, Debbie

fixlist content:
*****************
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\...\Run: [DownloadManager] => c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe [872448 2015-03-16] ()
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\CmdShell.exe: [Debugger] tasklist.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\dsrlte.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\HPNotify.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\ProtectService.exe: [Debugger] tasklist.exe
IFEO\ProtectSvc.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\SearchProtectionStub.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\SP.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\SupHPNot.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\UpdateTask.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20150516-vz-ie
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150516-vz-ie
SearchScopes: HKLM-x32 -> DefaultScope {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL = hxxp://www.safesear.ch/web/?type=20141205-115-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {06033829-B5B4-44B6-87E9-51EE28EF3AC9} URL =
SearchScopes: HKU\S-1-5-21-1730931851-2078629721-1247132686-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20150516-vz-sshome-ie-df&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-05-16]
FF Extension: Autofill Forms - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi [2015-02-02]
FF Extension: New Tab by Yahoo - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6380792\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2015-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2015-02-02] <==== ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
2015-08-21 13:19 - 2015-08-21 13:19 - 00000000 ____D C:\Users\debbie\AppData\Local\YSearchUtil
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Users\debbie\AppData\Roaming\Sun
2015-01-11 02:56 - 2015-01-11 02:57 - 0001504 _____ () C:\ProgramData\tempimage.bmp
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll
C:\Users\debbie\AppData\Local\Temp\ytb.exe
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
C:\Program Files (x86)\Coupons
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Local\globalUpdate
C:\Users\debbie\AppData\Local\DownloadManager
C:\Users\debbie\AppData\Local\YSearchUtil
C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu
C:\Users\debbie\Favorites\StumbleUpon
[-HKCU\Software\Yahoo\Companion]
[-HKCU\Software\Yahoo\YFriendsBar]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\AppDataLow\Software\Yahoo\Companion]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
[-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
emptytemp:
hosts:
cmd: ipconfig /flushdns
*****************

"C:\Program Files (x86)\Coupons\CouponPrinterService.exe" => File/Folder not found.
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DownloadManager => value not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apnmcp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AppIntegrator64.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brs.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmng.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngui.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CmdShell.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrUI.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dsrlte.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DTUpdate.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ExtensionUpdaterService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FrameworkEngine.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HPNotify.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HpUI.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr_x64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMGUpdater.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keepmysettingsx.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Lrcnta.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsWinApp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\patch_ff.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PluginService.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectWindowsManager.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeFinder.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searcharmor.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SearchProtectionStub.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\search_protect.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\smu.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SP.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spbiu.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptm.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srpts.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptsl.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SupHPNot.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemkService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemSockets.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TBNotifier.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TNT2User.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Toolbar.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateTask.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wb.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YTDownloader.exe" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{06033829-B5B4-44B6-87E9-51EE28EF3AC9} => key not found.
HKCR\Wow6432Node\CLSID\{06033829-B5B4-44B6-87E9-51EE28EF3AC9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06033829-B5B4-44B6-87E9-51EE28EF3AC9}" => key removed successfully
HKCR\CLSID\{06033829-B5B4-44B6-87E9-51EE28EF3AC9} => key not found.
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html => not found
Firefox DefaultSearchEngine removed successfully
FF SearchEngineOrder.1: SafeSearch => not found
FF SelectedSearchEngine: SafeSearch => not found
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q= => not found
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml" => not found.
C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\autofillForms@blueimp.net.xpi => not found.
C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\3xnlt8lz.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack} => value removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => moved successfully
C:\Program Files (x86)\mozilla firefox\mozilla.cfg => moved successfully
CouponPrinterService => service not found.
"C:\Program Files (x86)\Coupons" => File/Folder not found.
"C:\Users\debbie\AppData\Local\YSearchUtil" => File/Folder not found.
C:\Users\debbie\AppData\Roaming\Sun => moved successfully
C:\ProgramData\tempimage.bmp => moved successfully
C:\Users\debbie\AppData\Local\Temp\BrdefPrn.exe => moved successfully
C:\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe => moved successfully
C:\Users\debbie\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\debbie\AppData\Local\Temp\SymCCIS.dll => moved successfully
C:\Users\debbie\AppData\Local\Temp\ytb.exe => moved successfully
C:\Users\debbie\AppData\Local\Temp\_is9FB5.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"C:\Program Files (x86)\Coupons" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"C:\Users\debbie\AppData\Local\globalUpdate" => File/Folder not found.
"C:\Users\debbie\AppData\Local\DownloadManager" => File/Folder not found.
"C:\Users\debbie\AppData\Local\YSearchUtil" => File/Folder not found.
"C:\Users\debbie\AppData\Local\globalUpdate" => File/Folder not found.
"C:\Users\debbie\AppData\Local\DownloadManager" => File/Folder not found.
"C:\Users\debbie\AppData\Local\YSearchUtil" => File/Folder not found.
"C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\hu114a3f.default-1421363638860\Extensions\yQ@f29E.edu" => File/Folder not found.
"C:\Users\debbie\Favorites\StumbleUpon" => File/Folder not found.
HKCU\Software\Yahoo\Companion => key not found.
HKCU\Software\Yahoo\YFriendsBar => key not found.
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\AppDataLow\Software\Yahoo\Companion => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe => key not found.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1730931851-2078629721-1247132686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========

EmptyTemp: => 2 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:58:13 ====

Gary R

PostPosted: Sat Sep 19, 2015 10:05 pm    Post subject: Reply with quote

Ok, that looks good. Now can you run the ESET scan I asked for in my earlier post .... http://spywarewarrior.com/viewtopic.php?p=234091&sid=809c19f68ee3cf1d7796998d5d6f1c06#234091 ... and when it's finished please post me the log.

The ESET scan will probably take a few hours to run, so please be patient, but it is very thorough, and usually finds anything we might have missed.
_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

mgddebi

PostPosted: Sun Sep 20, 2015 1:57 am    Post subject: are we done Reply with quote

C:\FRST\Quarantine\C\Users\debbie\AppData\Local\Temp\ICReinstall_Picasa_Setup.exe.xBAD a variant of Win32/InstallCore.VM potentially unwanted application cleaned by deleting - quarantined
C:\Users\debbie\AppData\Local\Component\com.exe NSIS/Agent.NBP trojan cleaned by deleting - quarantined
C:\Users\debbie\Downloads\Picasa_Setup.exe a variant of Win32/InstallCore.VM potentially unwanted application cleaned by deleting - quarantined
C:\Users\debbie\Downloads\VideoPlayerSetup.exe a variant of Win32/InstallCore.ZN potentially unwanted application cleaned by deleting - quarantined

So what is the answer now? Did it take care of it, or are we done? Guess I better turn my Protection back on now!! Let me know, Thanks Debbie

Gary R

PostPosted: Sun Sep 20, 2015 2:06 am    Post subject: Reply with quote

So how is your computer behaving now, is it responding as you'd expect it to ????

If it is ....

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes ...

    • Remove disinfection tools
    • Purge system restore

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.


If it isn't ....

Please let me know what problems you're still having.

mgddebi

PostPosted: Sun Sep 20, 2015 1:39 pm    Post subject: PERFECT Reply with quote

# DelFix v1.011 - Logfile created 20/09/2015 at 14:36:24
# Updated 18/08/2015 by Xplode
# Username : mgddebi - MGDDEBI
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\logFile.txt
Deleted : C:\Users\debbie\Downloads\Addition.txt
Deleted : C:\Users\debbie\Downloads\AdwCleaner.exe
Deleted : C:\Users\debbie\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\debbie\Downloads\Fixlog.txt
Deleted : C:\Users\debbie\Downloads\FRST.txt
Deleted : C:\Users\debbie\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #61 [Scheduled Checkpoint | 09/16/2015 04:32:03]

New restore point created !

########## - EOF - ##########
OH MY GOSH YOU DID IT!!!!!!

Gary R

PostPosted: Sun Sep 20, 2015 1:47 pm    Post subject: Reply with quote

Looks like we're finished then :D ....

As far as I can see, your computer looks clear of infection now.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


Gary R

PostPosted: Tue Sep 22, 2015 1:13 am    Post subject: Reply with quote

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours