Thread: computer under attack!

  1. #1 Member (Join Date: Feb 2010, Posts: 85)

    computer under attack!

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
    Ran by user (administrator) on USER-PC (09-10-2015 19:14:21)
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available Profiles: user)
    Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Windows\Temp\~ECED.tmp.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    () C:\ProgramData\taskhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [VjcYNwLhFDE6] => regsvr32.exe /s "C:\PROGRA~2\VjcYNwLhFDE6.dll"
    HKLM\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_mkkgj.html [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_mkkgj.txt [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_qnhwg.html [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_qnhwg.txt [2015-08-22] ()
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{20396C80-FAE6-446D-A19D-054238E5CE4E}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{6C1E3C77-1C84-43C7-8007-77C8B6A57208}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2083325841-3239248121-869660377-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default
    FF DefaultSearchEngine: Ask Web Search
    FF SelectedSearchEngine: Ask Web Search
    FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=5511A651-82A3-4CC4-907D-C555A1F8DFCE&n=781b8b1b&p2=^ZX^foxyyy^YYA^us
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\ask-web-search.xml [2015-07-09]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_mkkgj.html [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_mkkgj.txt [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_qnhwg.html [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_qnhwg.txt [2015-08-22]
    FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\Extensions\firefox@ghostery.com.xpi [2015-05-16]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-31]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-31]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-31]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-31]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-31]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-27]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-31]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-09 19:14 - 2015-10-09 19:14 - 00009112 _____ C:\Users\user\Downloads\FRST.txt
    2015-10-09 19:14 - 2015-10-09 19:14 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
    2015-10-09 19:13 - 2015-10-09 19:14 - 01698304 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
    2015-10-09 19:13 - 2015-10-09 19:14 - 00000000 ____D C:\FRST
    2015-10-09 19:13 - 2015-10-09 19:13 - 00000736 _____ C:\Windows\system32\DB3841779606
    2015-10-09 14:59 - 2015-10-09 14:59 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent (1).exe
    2015-10-06 18:32 - 2015-10-06 18:32 - 00005120 _____ C:\ProgramData\taskhost.exe
    2015-10-06 18:31 - 2015-10-06 18:31 - 00004096 _____ C:\ProgramData\VjcYNwLhFDE6.dll
    2015-10-06 07:12 - 2015-10-06 07:12 - 00000056 _____ C:\Windows\setupact.log
    2015-10-06 07:12 - 2015-10-06 07:12 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-02 12:33 - 2015-10-02 12:33 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent(1).exe
    2015-10-02 12:28 - 2015-10-09 15:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
    2015-10-02 12:26 - 2015-10-02 12:27 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
    2015-09-30 21:31 - 2015-10-02 06:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-09-20 14:54 - 2015-09-20 14:54 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-09-20 14:54 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2015-09-20 14:47 - 2015-09-20 14:47 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-09-20 14:47 - 2015-09-20 14:47 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-09-20 14:47 - 2015-09-20 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-09-20 14:47 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-09-20 14:34 - 2015-09-20 14:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
    2015-09-20 14:03 - 2015-09-20 14:03 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-20 14:03 - 2015-09-20 14:03 - 00000000 ____D C:\Program Files\CCleaner
    2015-09-20 14:02 - 2015-09-20 14:03 - 06667640 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup509.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-09 19:09 - 2015-05-18 19:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-09 19:08 - 2015-05-18 19:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-09 19:08 - 2015-05-16 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-09 19:08 - 2013-12-03 02:48 - 00384875 _____ C:\Windows\WindowsUpdate.log
    2015-10-09 19:08 - 2009-07-13 23:34 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-09 19:08 - 2009-07-13 23:34 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-09 15:04 - 2015-05-31 20:38 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2015-10-09 12:41 - 2015-08-25 06:42 - 03616964 _____ C:\Windows\system32\CFG3841779606
    2015-10-06 07:12 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-05 16:57 - 2015-07-22 07:03 - 00000000 ____D C:\Windows\Minidump
    2015-10-05 14:45 - 2013-12-02 23:58 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-10-04 15:53 - 2015-08-31 19:45 - 00000000 ____D C:\Users\user\AppData\Roaming\tor
    2015-10-02 06:56 - 2014-02-21 00:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-10-01 06:38 - 2014-02-21 00:58 - 00001536 _____ C:\Windows\Sandboxie.ini
    2015-09-27 14:35 - 2015-05-18 19:08 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-23 06:48 - 2015-08-23 11:02 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
    2015-09-23 06:48 - 2015-05-16 16:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-09-23 06:48 - 2015-05-16 16:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-09-20 14:54 - 2015-07-26 18:46 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2015-09-20 14:47 - 2015-07-26 18:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-09-20 14:03 - 2015-07-26 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-09-19 18:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
    2015-09-19 18:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-19 18:07 - 2015-05-18 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-09-19 18:07 - 2015-05-18 19:07 - 00000000 ____D C:\Users\user\AppData\Local\Google
    2015-09-19 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
    2015-09-19 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\AppCompat

    ==================== Files in the root of some directories =======

    2015-08-22 16:45 - 2015-08-22 16:45 - 0005081 _____ () C:\Users\user\AppData\Roaming\restore_files_mkkgj.html
    2015-08-22 16:45 - 2015-08-22 16:45 - 0002253 _____ () C:\Users\user\AppData\Roaming\restore_files_mkkgj.txt
    2015-08-22 07:05 - 2015-08-22 07:05 - 0003822 _____ () C:\Users\user\AppData\Roaming\restore_files_qnhwg.html
    2015-08-22 07:05 - 2015-08-22 07:05 - 0002170 _____ () C:\Users\user\AppData\Roaming\restore_files_qnhwg.txt
    2015-08-23 09:12 - 2015-08-23 09:12 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_bjvdg.html
    2015-08-23 09:12 - 2015-08-23 09:12 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_bjvdg.txt
    2015-08-23 08:41 - 2015-08-23 08:41 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_hvdux.html
    2015-08-23 08:41 - 2015-08-23 08:41 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_hvdux.txt
    2015-08-22 16:29 - 2015-08-22 16:43 - 0005081 _____ () C:\Users\user\AppData\Local\restore_files_mkkgj.html
    2015-08-22 16:29 - 2015-08-22 16:43 - 0002253 _____ () C:\Users\user\AppData\Local\restore_files_mkkgj.txt
    2015-08-22 06:48 - 2015-08-22 07:01 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_qnhwg.html
    2015-08-22 06:48 - 2015-08-22 07:01 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_qnhwg.txt
    2015-08-23 09:02 - 2015-08-23 09:03 - 0429427 _____ (Boxer Software) C:\ProgramData\716C5D6A.EX
    2015-08-23 09:10 - 2015-08-23 09:12 - 0003822 _____ () C:\ProgramData\restore_files_bjvdg.html
    2015-08-23 09:10 - 2015-08-23 09:12 - 0002170 _____ () C:\ProgramData\restore_files_bjvdg.txt
    2015-08-23 10:02 - 2015-08-23 10:03 - 0003822 _____ () C:\ProgramData\restore_files_fmlub.html
    2015-08-23 10:02 - 2015-08-23 10:03 - 0002170 _____ () C:\ProgramData\restore_files_fmlub.txt
    2015-08-23 08:39 - 2015-08-23 08:41 - 0003822 _____ () C:\ProgramData\restore_files_hvdux.html
    2015-08-23 08:39 - 2015-08-23 08:41 - 0002170 _____ () C:\ProgramData\restore_files_hvdux.txt
    2015-08-22 16:29 - 2015-08-22 16:29 - 0005081 _____ () C:\ProgramData\restore_files_mkkgj.html
    2015-08-22 16:29 - 2015-08-22 16:29 - 0002253 _____ () C:\ProgramData\restore_files_mkkgj.txt
    2015-08-22 06:46 - 2015-08-22 06:48 - 0003822 _____ () C:\ProgramData\restore_files_qnhwg.html
    2015-08-22 06:46 - 2015-08-22 06:48 - 0002170 _____ () C:\ProgramData\restore_files_qnhwg.txt
    2015-08-23 10:01 - 2015-08-23 10:01 - 0003822 _____ () C:\ProgramData\restore_files_swkdn.html
    2015-08-23 10:01 - 2015-08-23 10:01 - 0002170 _____ () C:\ProgramData\restore_files_swkdn.txt
    2015-10-06 18:32 - 2015-10-06 18:32 - 0005120 _____ () C:\ProgramData\taskhost.exe
    2015-10-06 18:31 - 2015-10-06 18:31 - 0004096 _____ () C:\ProgramData\VjcYNwLhFDE6.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-01 21:22

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
    Ran by user (2015-10-09 19:15:05)
    Running from C:\Users\user\Downloads
    Microsoft Windows 7 Ultimate (X86) (2013-12-03 04:56:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2083325841-3239248121-869660377-500 - Administrator - Disabled)
    Guest (S-1-5-21-2083325841-3239248121-869660377-501 - Limited - Disabled)
    user (S-1-5-21-2083325841-3239248121-869660377-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    FlashCut CNC 3 (HKLM\...\{3D977399-5981-462B-A47E-7EA6DF472C84}) (Version: 3.0.7991 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    Mozilla Firefox 41.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
    Sandboxie 4.06 (32-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    02-09-2015 18:02:33 Scheduled Checkpoint
    09-09-2015 21:02:49 Scheduled Checkpoint
    17-09-2015 17:20:18 Scheduled Checkpoint
    24-09-2015 21:06:02 Scheduled Checkpoint
    01-10-2015 21:29:18 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {08AD9823-5BE4-451E-8A3B-2453186050AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {51E7EA72-7F13-451C-A4F0-8EB787A98834} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {5FFD2335-5EC0-4AB4-8CD3-86A936DFACED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {B8C34CBC-35DC-4DE4-9414-9C4AAC684B11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {BC510C08-B5B7-45C6-8E10-4369C7ADEF4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {C244040A-CD9D-4FFB-AADB-A56088BBF45D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
    Task: {D6B9AECD-45A8-4C6A-9953-063848528046} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-26 18:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-07-26 18:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-07-26 18:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-09-20 14:47 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-09-20 14:47 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-10-06 18:30 - 2015-10-06 18:30 - 00004096 _____ () C:\Windows\TEMP\~ECED.tmp.exe
    2015-10-06 18:32 - 2015-10-06 18:32 - 00005120 _____ () C:\ProgramData\taskhost.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\user\Desktop\USDF Region 6 3rd Level Freestyle Champs Prescription and LIz.avi.aaa:TOC.WMV

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{146EED79-38FC-46E9-B0E7-475D0F4B35B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{7ECE3F12-8821-4161-86EE-D3595DB6DD95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{270D27C4-A42F-4EB8-BBB1-2DD1C4700592}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{13536BCF-935B-40C1-B136-CECE63D9B4A1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C2CA02A6-95B7-46B8-9CA4-942B56A8F0C7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCF2EBC8-E806-4EC9-9FD5-2008A67E3687}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{260DD4DF-6237-4E59-8078-DE165E8B3040}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D01181C8-43D3-409E-9535-F16252C1BE64}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2AAEC011-3B36-4309-8C5A-B98483A6B455}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/09/2015 03:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: bec

    Start Time: 01d102cd4b208838

    Termination Time: 16

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: e3dacfcb-6ec0-11e5-8ff0-0016418fd44e

    Error: (10/09/2015 11:19:15 AM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x81000101).

    Error: (10/09/2015 11:19:15 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

    Error: (10/02/2015 08:26:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (10/02/2015 08:26:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (10/02/2015 12:53:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a04

    Start Time: 01d0fd3a3ba624b5

    Termination Time: 29

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: 86ed4303-692e-11e5-80c1-0016418fd44e

    Error: (10/02/2015 12:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e38

    Start Time: 01d0fd388b4eef10

    Termination Time: 16

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: 0c491d4d-692c-11e5-80c1-0016418fd44e

    Error: (10/01/2015 07:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
    Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
    Exception code: 0x80000003
    Fault offset: 0x0000ec7f
    Faulting process id: 0xcd0
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (10/01/2015 07:28:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ec8

    Start Time: 01d0fca7c91dba3b

    Termination Time: 11

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id:

    Error: (09/28/2015 11:53:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 630

    Start Time: 01d0f97f6c5a0d22

    Termination Time: 34

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id: 77bd087d-6601-11e5-bc43-0016418fd44e


    System errors:
    =============
    Error: (10/09/2015 07:12:52 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/09/2015 07:08:42 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/09/2015 07:08:42 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/09/2015 07:08:42 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6C1E3C77-1C84-43C7-8007-77C8B6A57208} because another computer on the network has the same name. The server could not start.

    Error: (10/08/2015 04:29:28 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/08/2015 04:29:27 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/08/2015 04:29:27 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6C1E3C77-1C84-43C7-8007-77C8B6A57208} because another computer on the network has the same name. The server could not start.

    Error: (10/07/2015 03:44:48 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.

    Error: (10/07/2015 03:44:48 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6C1E3C77-1C84-43C7-8007-77C8B6A57208} because another computer on the network has the same name. The server could not start.

    Error: (10/06/2015 09:34:47 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.3.
    The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
    this computer.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
    Percentage of memory in use: 73%
    Total physical RAM: 2037.97 MB
    Available physical RAM: 544.35 MB
    Total Virtual: 4075.95 MB
    Available Virtual: 2649.18 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:254.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: B848D491)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    My computer is running very slow and is not opening programs that it used to. It will not let me run Spybot and it won't let me run aswMBR.exe.
    Please help.

  2. #2
    Juliet, Security Expert-emeritus (Join Date: Feb 2007; Location: Deep South; Posts: 4,084)

    P2P Warning

    ------------------------------
    I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall.

    If you choose not to, please refrain from using the programme(s) during this process.

    ~~~~~~~~~~~~`

    If you can download these next tools to desktop, and then have problems trying to get them to run, please boot into safe mode and try again.

    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes

    1. Open up Malwarebytes and you will be on the Dashboard
    2. Click on the History Tab
    3. Then click on Application Logs
    4. Double click on the SCAN LOG (Not Protection Log ) you just ran
    5. When it opens it will look like this

    ~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    please post
    MalwareBytes log
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member (Join Date: Feb 2010; Posts: 85)

    okay, understood.

    uTorrent had already been uninstalled by the time I had started this thread, but to be sure, I followed the instructions for removing uTorrent, and it did not appear as an option for uninstall. I have the .exe for Malwarebytes, and one of the problems is I cannot get it to run. I also cannot get Spybot to run a scan. I have run the AdwCleaner, and the results follow. (Although I did not see a Report button, this is the log it gave me.)

    # AdwCleaner v5.013 - Logfile created 12/10/2015 at 14:03:00
    # Updated 09/10/2015 by Xplode
    # Database : 2015-10-09.3 [Server]
    # Operating system : Windows 7 Ultimate (x86)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\VjcYNwLhFDE6.dll
    [-] File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\ask-web-search.xml

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

    ***** [ Web browsers ] *****

    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=5511A651-82A3-4CC4-907D-C555A1F8DFCE&n=781b8b1b&p2=^ZX^foxyyy^YYA^us");
    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
    [-] [C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2318 bytes] ##########

    Junkware report will follow.

  4. #4
    Member (Join Date: Feb 2010; Posts: 85)

    failed

    I could not run the JRT file, even as administrator. It says nothing; it just doesn't open or run.

  5. #5
    Juliet, Security Expert-emeritus (Join Date: Feb 2007; Location: Deep South; Posts: 4,084)

    By chance did you try safe mode?

    Could be your computer's onboard protection is interfering.

    Turn Windows Defender on or off
    http://windows.microsoft.com/en-us/w...-off=windows-7
    ~~~~~~~~~~~~

    I want you to find FRST.txt and Addition.txt (from previous run) and send or drag them to the recycle bin.

    ~~~~~~~~~~~~`
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
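    Added example for this thread (not FRST's own code, and not part of the helper's instructions): a Python triage of the autorun lines in the FRST log posted in the next reply, specifically the "Run:" and "Startup:" lines of the Registry (Whitelisted) section. The sample lines are copied from that log; the rule names, the list of staging directories and the set of system-binary names are this example's own assumptions. It puts into code what a removal helper checks by eye: an empty "()" publisher field, a binary living in ProgramData/AppData/Temp, a regsvr32 /s launch of a DLL behind an 8.3 short path, a system-binary name (taskhost.exe) outside \Windows, a Run value under the SYSTEM user hive (S-1-5-18), and documents named restore_files_* dropped into the Startup folder.

```python
"""FRST autorun triage.

Added example for this thread; it is not part of FRST or of the helper's
instructions. It parses the 'Run:' and 'Startup:' lines that FRST prints in
its Registry (Whitelisted) section and flags the traits that made the entries
in this thread stand out. Sample input is copied from the log posted in the
thread; the rule names and lists below are this example's own assumptions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: the autorun lines from the FRST log posted in this thread.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [VjcYNwLhFDE6] => regsvr32.exe /s "C:\PROGRA~2\VjcYNwLhFDE6.dll"
HKLM\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_mkkgj.html [2015-08-22] ()
""".strip().splitlines()

# FRST line shapes: 'HIVE\...\Run: [Name] => command [size date] (Publisher)'
# and 'Startup: path [date] (Publisher)'. Size/date/publisher are absent when
# the value is a command line rather than a plain file path.
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => "
    r"(?P<cmd>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>[^)]*)\))?$"
)
STARTUP_RE = re.compile(
    r"^Startup: (?P<path>.*?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)$"
)

# Assumed lists: directories an installer does not normally use for a
# persistent binary, and Windows binary names that only belong under \Windows.
STAGING_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\progra~2\\")
SYSTEM_NAMES = {"taskhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                "explorer.exe", "winlogon.exe", "services.exe"}
SYSTEM_SID = "S-1-5-18"  # LocalSystem's hive under HKU


def _target_path(cmd: str) -> str:
    """Return the file that actually runs: a quoted argument if present
    (regsvr32.exe /s "x.dll"), otherwise the command itself."""
    quoted = re.search(r'"([^"]+)"', cmd)
    return quoted.group(1) if quoted else cmd


def parse_line(line: str) -> Optional[Dict]:
    """Parse one FRST autorun line into a dict, or None if it is not one."""
    m = RUN_RE.match(line.strip())
    if m:
        return {"kind": "run", "hive": m["hive"], "name": m["name"],
                "cmd": m["cmd"], "path": _target_path(m["cmd"]),
                "publisher": m["pub"]}
    m = STARTUP_RE.match(line.strip())
    if m:
        base = m["path"].rsplit("\\", 1)[-1]
        return {"kind": "startup", "hive": "Startup", "name": base,
                "cmd": m["path"], "path": m["path"], "publisher": m["pub"]}
    return None


def assess(entry: Dict) -> List[str]:
    """Apply the eyeball checks a removal helper uses; return the reasons."""
    flags = []
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    if entry["publisher"] == "":          # FRST prints '()' when no version info
        flags.append("no publisher/version info")
    if entry["cmd"].lower().startswith("regsvr32"):
        flags.append("loaded indirectly via regsvr32 /s")
    if "~" in path:
        flags.append("8.3 short path hides the directory name")
    # Startup-folder items always live under AppData, so skip that check there.
    if entry["kind"] == "run" and any(d in path for d in STAGING_DIRS):
        flags.append("runs from a user-writable staging directory")
    if base in SYSTEM_NAMES and "\\windows\\" not in path:
        flags.append("system-binary name outside \\Windows")
    if entry["hive"].startswith("HKU\\" + SYSTEM_SID):
        flags.append("persists under the SYSTEM hive (S-1-5-18)")
    if entry["kind"] == "startup" and not base.endswith((".exe", ".lnk", ".bat", ".cmd")):
        flags.append("non-executable document in the Startup folder")
    if base.startswith("restore_files_"):
        flags.append("restore_files_* naming (ransom-note pattern)")
    return flags


def triage(lines: List[str]) -> List[Dict]:
    """Parse every autorun line and return the entries, most suspicious first."""
    results = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            entry["flags"] = assess(entry)
            results.append(entry)
    results.sort(key=lambda e: len(e["flags"]), reverse=True)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST_LINES):
        verdict = "SUSPECT" if e["flags"] else "ok"
        print(f"{verdict:7} {e['hive']} [{e['name']}] -> {e['path']}")
        for f in e["flags"]:
            print(f"          - {f}")
```

    Run as-is it reports the two taskhost.exe values, the regsvr32 DLL and the Startup-folder note as SUSPECT and leaves the Spybot and Sandboxie entries clean; on a real log, feed it the lines of the Registry (Whitelisted) section. The 8.3 short name C:\PROGRA~2 on this 32-bit system is C:\ProgramData, which is where the AdwCleaner log in post #3 shows VjcYNwLhFDE6.dll being deleted from.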

  6. #6
    Member (Join Date: Feb 2010; Posts: 85)

    safe mode isn't allowing me either

    I open in safe mode and Malwarebytes and JRT won't run and Spybot won't do a scan. Also Windows Defender will not allow me to select Tools; it won't highlight as an option. It also won't update. Here are my new FRST logs though.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
    Ran by user (administrator) on USER-PC (12-10-2015 17:30:22)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [VjcYNwLhFDE6] => regsvr32.exe /s "C:\PROGRA~2\VjcYNwLhFDE6.dll"
    HKLM\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
    HKU\S-1-5-18\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_mkkgj.html [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_mkkgj.txt [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_qnhwg.html [2015-08-22] ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\restore_files_qnhwg.txt [2015-08-22] ()
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{20396C80-FAE6-446D-A19D-054238E5CE4E}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{6C1E3C77-1C84-43C7-8007-77C8B6A57208}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2083325841-3239248121-869660377-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default
    FF Homepage: hxxps://www.google.com/?gws_rd=ssl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_mkkgj.html [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_mkkgj.txt [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_qnhwg.html [2015-08-22]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\searchplugins\restore_files_qnhwg.txt [2015-08-22]
    FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vk605143.default\Extensions\firefox@ghostery.com.xpi [2015-05-16]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-31]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-31]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-31]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-31]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-31]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-27]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-31]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-12 17:30 - 2015-10-12 17:30 - 00008187 _____ C:\Users\user\Desktop\FRST.txt
    2015-10-12 17:29 - 2015-10-12 17:29 - 01699840 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
    2015-10-12 17:29 - 2015-10-12 17:29 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
    2015-10-12 17:27 - 2015-10-12 17:28 - 00003355 _____ C:\Windows\system32\DB3841779606
    2015-10-12 17:26 - 2015-10-12 17:26 - 00000640 _____ C:\Users\user\Desktop\AdwCleaner[S3].txt
    2015-10-12 14:31 - 2015-10-12 14:31 - 01801288 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
    2015-10-12 13:59 - 2015-10-12 17:25 - 00000000 ____D C:\AdwCleaner
    2015-10-12 13:59 - 2015-10-12 13:59 - 01682432 _____ C:\Users\user\Desktop\AdwCleaner.exe
    2015-10-10 18:34 - 2015-10-12 14:04 - 00000168 _____ C:\Windows\setupact.log
    2015-10-10 18:34 - 2015-10-10 18:34 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-10 15:20 - 2015-10-10 15:20 - 00000000 ____D C:\Users\user\Documents\ProcAlyzer Dumps
    2015-10-10 13:10 - 2015-10-12 17:20 - 00017595 _____ C:\Windows\WindowsUpdate.log
    2015-10-09 20:42 - 2015-10-09 20:42 - 00000355 _____ C:\Users\user\Desktop\Computer - Shortcut.lnk
    2015-10-09 20:41 - 2015-10-09 20:53 - 00000000 ____D C:\Users\user\Desktop\flac
    2015-10-09 20:10 - 2015-10-09 20:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Ultimate-(32-bit).dat
    2015-10-09 20:10 - 2015-10-09 20:10 - 00000000 ____D C:\RegBackup
    2015-10-09 19:38 - 2015-10-09 19:38 - 05200384 _____ (AVAST Software) C:\Users\user\Downloads\aswmbr (2).exe
    2015-10-09 19:27 - 2015-10-09 19:27 - 00002181 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-10-09 19:27 - 2015-10-09 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-10-09 19:26 - 2015-10-09 19:26 - 04687448 _____ (Tweaking.com) C:\Users\user\Downloads\tweaking.com_registry_backup_setup.exe
    2015-10-09 19:26 - 2015-10-09 19:26 - 00000000 ____D C:\Program Files\Tweaking.com
    2015-10-09 19:20 - 2015-10-09 19:20 - 05200384 _____ (AVAST Software) C:\Users\user\Downloads\aswmbr (1).exe
    2015-10-09 19:17 - 2015-10-09 19:18 - 05200384 _____ (AVAST Software) C:\Users\user\Downloads\aswmbr.exe
    2015-10-09 19:15 - 2015-10-09 19:15 - 00017372 _____ C:\Users\user\Downloads\Addition.txt
    2015-10-09 19:14 - 2015-10-09 19:15 - 00018107 _____ C:\Users\user\Downloads\FRST.txt
    2015-10-09 19:14 - 2015-10-09 19:14 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
    2015-10-09 19:13 - 2015-10-12 17:30 - 00000000 ____D C:\FRST
    2015-10-09 19:13 - 2015-10-09 19:14 - 01698304 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
    2015-10-09 14:59 - 2015-10-09 14:59 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent (1).exe
    2015-10-06 18:32 - 2015-10-06 18:32 - 00005120 _____ C:\ProgramData\taskhost.exe
    2015-10-02 12:33 - 2015-10-02 12:33 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent(1).exe
    2015-10-02 12:28 - 2015-10-09 15:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
    2015-10-02 12:26 - 2015-10-02 12:27 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
    2015-09-30 21:31 - 2015-10-02 06:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-09-20 14:54 - 2015-09-20 14:54 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-09-20 14:54 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2015-09-20 14:47 - 2015-10-10 15:27 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-09-20 14:47 - 2015-09-20 14:47 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-09-20 14:47 - 2015-09-20 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-09-20 14:47 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-09-20 14:34 - 2015-09-20 14:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
    2015-09-20 14:03 - 2015-09-20 14:03 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-20 14:03 - 2015-09-20 14:03 - 00000000 ____D C:\Program Files\CCleaner
    2015-09-20 14:02 - 2015-09-20 14:03 - 06667640 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup509.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-12 17:20 - 2009-07-13 23:34 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-12 17:20 - 2009-07-13 23:34 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-12 17:02 - 2015-05-18 19:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-12 17:02 - 2015-05-18 19:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-12 17:02 - 2015-05-16 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-12 14:04 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-11 11:41 - 2015-08-25 06:42 - 03620460 _____ C:\Windows\system32\CFG3841779606
    2015-10-11 08:29 - 2014-02-21 00:58 - 00001536 _____ C:\Windows\Sandboxie.ini
    2015-10-10 15:26 - 2015-07-26 18:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-10-09 15:04 - 2015-05-31 20:38 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2015-10-05 16:57 - 2015-07-22 07:03 - 00000000 ____D C:\Windows\Minidump
    2015-10-05 14:45 - 2013-12-02 23:58 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-10-04 15:53 - 2015-08-31 19:45 - 00000000 ____D C:\Users\user\AppData\Roaming\tor
    2015-10-02 06:56 - 2014-02-21 00:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-09-27 14:35 - 2015-05-18 19:08 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-23 06:48 - 2015-08-23 11:02 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
    2015-09-23 06:48 - 2015-05-16 16:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-09-23 06:48 - 2015-05-16 16:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-09-20 14:54 - 2015-07-26 18:46 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2015-09-20 14:03 - 2015-07-26 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-09-19 18:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
    2015-09-19 18:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-19 18:07 - 2015-05-18 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-09-19 18:07 - 2015-05-18 19:07 - 00000000 ____D C:\Users\user\AppData\Local\Google
    2015-09-19 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
    2015-09-19 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\AppCompat

    ==================== Files in the root of some directories =======

    2015-08-22 16:45 - 2015-08-22 16:45 - 0005081 _____ () C:\Users\user\AppData\Roaming\restore_files_mkkgj.html
    2015-08-22 16:45 - 2015-08-22 16:45 - 0002253 _____ () C:\Users\user\AppData\Roaming\restore_files_mkkgj.txt
    2015-08-22 07:05 - 2015-08-22 07:05 - 0003822 _____ () C:\Users\user\AppData\Roaming\restore_files_qnhwg.html
    2015-08-22 07:05 - 2015-08-22 07:05 - 0002170 _____ () C:\Users\user\AppData\Roaming\restore_files_qnhwg.txt
    2015-08-23 09:12 - 2015-08-23 09:12 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_bjvdg.html
    2015-08-23 09:12 - 2015-08-23 09:12 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_bjvdg.txt
    2015-08-23 08:41 - 2015-08-23 08:41 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_hvdux.html
    2015-08-23 08:41 - 2015-08-23 08:41 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_hvdux.txt
    2015-08-22 16:29 - 2015-08-22 16:43 - 0005081 _____ () C:\Users\user\AppData\Local\restore_files_mkkgj.html
    2015-08-22 16:29 - 2015-08-22 16:43 - 0002253 _____ () C:\Users\user\AppData\Local\restore_files_mkkgj.txt
    2015-08-22 06:48 - 2015-08-22 07:01 - 0003822 _____ () C:\Users\user\AppData\Local\restore_files_qnhwg.html
    2015-08-22 06:48 - 2015-08-22 07:01 - 0002170 _____ () C:\Users\user\AppData\Local\restore_files_qnhwg.txt
    2015-08-23 09:02 - 2015-08-23 09:03 - 0429427 _____ (Boxer Software) C:\ProgramData\716C5D6A.EX
    2015-08-23 09:10 - 2015-08-23 09:12 - 0003822 _____ () C:\ProgramData\restore_files_bjvdg.html
    2015-08-23 09:10 - 2015-08-23 09:12 - 0002170 _____ () C:\ProgramData\restore_files_bjvdg.txt
    2015-08-23 10:02 - 2015-08-23 10:03 - 0003822 _____ () C:\ProgramData\restore_files_fmlub.html
    2015-08-23 10:02 - 2015-08-23 10:03 - 0002170 _____ () C:\ProgramData\restore_files_fmlub.txt
    2015-08-23 08:39 - 2015-08-23 08:41 - 0003822 _____ () C:\ProgramData\restore_files_hvdux.html
    2015-08-23 08:39 - 2015-08-23 08:41 - 0002170 _____ () C:\ProgramData\restore_files_hvdux.txt
    2015-08-22 16:29 - 2015-08-22 16:29 - 0005081 _____ () C:\ProgramData\restore_files_mkkgj.html
    2015-08-22 16:29 - 2015-08-22 16:29 - 0002253 _____ () C:\ProgramData\restore_files_mkkgj.txt
    2015-08-22 06:46 - 2015-08-22 06:48 - 0003822 _____ () C:\ProgramData\restore_files_qnhwg.html
    2015-08-22 06:46 - 2015-08-22 06:48 - 0002170 _____ () C:\ProgramData\restore_files_qnhwg.txt
    2015-08-23 10:01 - 2015-08-23 10:01 - 0003822 _____ () C:\ProgramData\restore_files_swkdn.html
    2015-08-23 10:01 - 2015-08-23 10:01 - 0002170 _____ () C:\ProgramData\restore_files_swkdn.txt
    2015-10-06 18:32 - 2015-10-06 18:32 - 0005120 _____ () C:\ProgramData\taskhost.exe

    Files to move or delete:
    ====================
    C:\ProgramData\taskhost.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-12 13:47

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-10-2015
    Ran by user (2015-10-12 17:30:59)
    Running from C:\Users\user\Desktop
    Microsoft Windows 7 Ultimate (X86) (2013-12-03 04:56:25)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2083325841-3239248121-869660377-500 - Administrator - Disabled)
    Guest (S-1-5-21-2083325841-3239248121-869660377-501 - Limited - Disabled)
    user (S-1-5-21-2083325841-3239248121-869660377-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    FlashCut CNC 3 (HKLM\...\{3D977399-5981-462B-A47E-7EA6DF472C84}) (Version: 3.0.7991 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    Mozilla Firefox 41.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
    Sandboxie 4.06 (32-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    17-09-2015 17:20:18 Scheduled Checkpoint
    24-09-2015 21:06:02 Scheduled Checkpoint
    01-10-2015 21:29:18 Scheduled Checkpoint
    10-10-2015 03:26:41 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {08AD9823-5BE4-451E-8A3B-2453186050AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {51E7EA72-7F13-451C-A4F0-8EB787A98834} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {5FFD2335-5EC0-4AB4-8CD3-86A936DFACED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {B8C34CBC-35DC-4DE4-9414-9C4AAC684B11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {BC510C08-B5B7-45C6-8E10-4369C7ADEF4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {C244040A-CD9D-4FFB-AADB-A56088BBF45D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
    Task: {D6B9AECD-45A8-4C6A-9953-063848528046} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-26 18:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-07-26 18:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\user\Desktop\USDF Region 6 3rd Level Freestyle Champs Prescription and LIz.avi.aaa:TOC.WMV

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2083325841-3239248121-869660377-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{146EED79-38FC-46E9-B0E7-475D0F4B35B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{7ECE3F12-8821-4161-86EE-D3595DB6DD95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{270D27C4-A42F-4EB8-BBB1-2DD1C4700592}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{13536BCF-935B-40C1-B136-CECE63D9B4A1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C2CA02A6-95B7-46B8-9CA4-942B56A8F0C7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCF2EBC8-E806-4EC9-9FD5-2008A67E3687}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{260DD4DF-6237-4E59-8078-DE165E8B3040}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D01181C8-43D3-409E-9535-F16252C1BE64}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2AAEC011-3B36-4309-8C5A-B98483A6B455}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears. Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/09/2015 03:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: bec

    Start Time: 01d102cd4b208838

    Termination Time: 16

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: e3dacfcb-6ec0-11e5-8ff0-0016418fd44e

    Error: (10/09/2015 11:19:15 AM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x81000101).

    Error: (10/09/2015 11:19:15 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

    Error: (10/02/2015 08:26:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (10/02/2015 08:26:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (10/02/2015 12:53:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a04

    Start Time: 01d0fd3a3ba624b5

    Termination Time: 29

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: 86ed4303-692e-11e5-80c1-0016418fd44e

    Error: (10/02/2015 12:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.5.41162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e38

    Start Time: 01d0fd388b4eef10

    Termination Time: 16

    Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: 0c491d4d-692c-11e5-80c1-0016418fd44e

    Error: (10/01/2015 07:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
    Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
    Exception code: 0x80000003
    Fault offset: 0x0000ec7f
    Faulting process id: 0xcd0
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (10/01/2015 07:28:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ec8

    Start Time: 01d0fca7c91dba3b

    Termination Time: 11

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id:

    Error: (09/28/2015 11:53:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 630

    Start Time: 01d0f97f6c5a0d22

    Termination Time: 34

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id: 77bd087d-6601-11e5-bc43-0016418fd44e


    System errors:
    =============
    Error: (10/12/2015 05:21:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (10/12/2015 05:21:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (10/12/2015 05:21:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (10/12/2015 05:21:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (10/12/2015 05:21:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068

    Error: (10/12/2015 05:21:16 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (10/12/2015 05:21:16 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (10/12/2015 05:21:15 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (10/12/2015 05:21:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (10/12/2015 05:21:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    discache
    spldr
    Wanarpv6


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
    Percentage of memory in use: 32%
    Total physical RAM: 2037.97 MB
    Available physical RAM: 1368.57 MB
    Total Virtual: 4075.95 MB
    Available Virtual: 3476.58 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:249.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: B848D491)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's see if this helps.

    Please open Notepad (*Do not use Wordpad or any other text editor than Notepad, or the script will fail.* Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [VjcYNwLhFDE6] => regsvr32.exe /s "C:\PROGRA~2\VjcYNwLhFDE6.dll"
    2015-10-09 14:59 - 2015-10-09 14:59 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent (1).exe
    2015-10-02 12:33 - 2015-10-02 12:33 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent(1).exe
    2015-10-02 12:28 - 2015-10-09 15:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
    2015-10-02 12:26 - 2015-10-02 12:27 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
    C:\ProgramData\taskhost.exe
    AlternateDataStreams: C:\Users\user\Desktop\USDF Region 6 3rd Level Freestyle Champs Prescription and LIz.avi.aaa:TOC.WMV
    FirewallRules: [{13536BCF-935B-40C1-B136-CECE63D9B4A1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C2CA02A6-95B7-46B8-9CA4-942B56A8F0C7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCF2EBC8-E806-4EC9-9FD5-2008A67E3687}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{260DD4DF-6237-4E59-8078-DE165E8B3040}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D01181C8-43D3-409E-9535-F16252C1BE64}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2AAEC011-3B36-4309-8C5A-B98483A6B455}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

    • On the introduction screen, please click on the Next button to continue.

    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

    • When the update has finished, click on the Next button.

    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on Yes button to restart your computer.

    ~~~~~~~~~~~~~~

    Please post these 2 logs when done.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
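As an added example (not part of this thread, and not FRST's own code), the following Python parses the one-line file entries that appear in the FRST logs above and runs a small triage pass that flags the kind of entry the helper put in the fixlist: a file carrying a System32 binary's name outside System32, or an unsigned executable in a user-writable directory. The first four sample lines are copied from the logs above, the last one is constructed; the name list, directory list and extension list are my own assumed heuristics.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One FRST file entry as printed in the logs above:
#   "<created> - <modified> - <size> <attrs> (<signer>) <path>"
# Directory entries (attrs ending in D) carry no "(signer)" field.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# Assumed review heuristics (mine, not FRST's): names of Windows binaries that
# belong in System32, and user-writable directories where unsigned executables
# are unusual.
SYSTEM_BINARY_NAMES = {"taskhost.exe", "svchost.exe", "explorer.exe",
                       "winlogon.exe", "lsass.exe", "csrss.exe"}
SUSPECT_DIRS = ("c:\\programdata\\", "c:\\windows\\temp\\", "\\appdata\\local\\temp\\")
EXEC_EXTS = (".exe", ".dll", ".scr", ".com")

# Sample input: the first four lines are copied from the logs above, the last
# one is constructed to exercise the unsigned-in-Temp rule.
SAMPLE_LOG = r"""
2015-08-23 09:02 - 2015-08-23 09:03 - 0429427 _____ (Boxer Software) C:\ProgramData\716C5D6A.EX
2015-10-06 18:32 - 2015-10-06 18:32 - 0005120 _____ () C:\ProgramData\taskhost.exe
2015-10-09 14:59 - 2015-10-09 14:59 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent (1).exe
2015-10-02 12:28 - 2015-10-09 15:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-10-06 18:30 - 2015-10-06 18:30 - 0005120 _____ () C:\Windows\Temp\constructed-sample.tmp.exe
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    signer: Optional[str]   # None for directories, "" for an unsigned file
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_lines(text: str) -> List[Entry]:
    """Parse every FRST file entry in text; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["signer"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return one 'path: reason' string per entry a reviewer should look at."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        lower = e.path.lower()
        if e.name.lower() in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in lower:
            findings.append(f"{e.path}: System32 binary name outside System32")
        elif lower.endswith(EXEC_EXTS) and e.signer == "" and any(d in lower for d in SUSPECT_DIRS):
            findings.append(f"{e.path}: unsigned executable in a user-writable directory")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_frst_lines(SAMPLE_LOG)):
        print(finding)
```

Signed files and directories are not flagged, so the uTorrent installer and the LocalLow folder from the fixlist pass through; those were removed by the helper on other grounds, not because the log format marks them as suspicious.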

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We're having severe storms with lightning, possibility of losing power.

    Might not make it back here till morning.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Member
    Join Date
    Feb 2010
    Posts
    85

    Default frst fixlog

    Fix result of Farbar Recovery Scan Tool (x86) Version:12-10-2015
    Ran by user (2015-10-13 12:50:24) Run:1
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Boot Mode: Safe Mode (with Networking)

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [VjcYNwLhFDE6] => regsvr32.exe /s "C:\PROGRA~2\VjcYNwLhFDE6.dll"
    2015-10-09 14:59 - 2015-10-09 14:59 - 01822048 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent (1).exe
    2015-10-02 12:33 - 2015-10-02 12:33 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent(1).exe
    2015-10-02 12:28 - 2015-10-09 15:07 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
    2015-10-02 12:26 - 2015-10-02 12:27 - 01821536 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
    C:\ProgramData\taskhost.exe
    AlternateDataStreams: C:\Users\user\Desktop\USDF Region 6 3rd Level Freestyle Champs Prescription and LIz.avi.aaa:TOC.WMV
    FirewallRules: [{13536BCF-935B-40C1-B136-CECE63D9B4A1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C2CA02A6-95B7-46B8-9CA4-942B56A8F0C7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCF2EBC8-E806-4EC9-9FD5-2008A67E3687}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{260DD4DF-6237-4E59-8078-DE165E8B3040}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D01181C8-43D3-409E-9535-F16252C1BE64}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2AAEC011-3B36-4309-8C5A-B98483A6B455}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    EmptyTemp:
    Hosts:
    End
    *****************

    Error: Restore point can only be created in normal mode.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VjcYNwLhFDE6 => value removed successfully.
    C:\Users\user\Downloads\uTorrent (1).exe => moved successfully
    C:\Users\user\Downloads\uTorrent(1).exe => moved successfully
    C:\Users\user\AppData\LocalLow\uTorrent => moved successfully
    C:\Users\user\Downloads\uTorrent.exe => moved successfully
    C:\ProgramData\taskhost.exe => moved successfully
    C:\Users\user\Desktop\USDF Region 6 3rd Level Freestyle Champs Prescription and LIz.avi.aaa => ":TOC.WMV" ADS removed successfully..
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13536BCF-935B-40C1-B136-CECE63D9B4A1} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2CA02A6-95B7-46B8-9CA4-942B56A8F0C7} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCF2EBC8-E806-4EC9-9FD5-2008A67E3687} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{260DD4DF-6237-4E59-8078-DE165E8B3040} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D01181C8-43D3-409E-9535-F16252C1BE64} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AAEC011-3B36-4309-8C5A-B98483A6B455} => value removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 66.2 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 12:50:34 ====

  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    85

    Default Mbar

    I downloaded MBAR from the hyperlink, and again, when prompted it does not open or run.
