[Pretty sure I'm Infected]

ran CHDSK and it found no errors etc.

 

here is the toolbox file:

 

Result.txt

[Pretty sure I'm Infected]

ok cool, I will finally have a chance to do that tonight, works been busy

[Pretty sure I'm Infected]

sorry, been a busy last 24 hours, i will get the scan done for sure this evening.

[Pretty sure I'm Infected]

ok doing that in the next hour and thanks ron

[Dual Layer DVD Burner Burn blu ray quality movie?]

Just had a quick question. I havent burnt a dvd pretty well in years but recently i decided to make a copy of one of my favorite blu ray movies seeing as my daughter got ahold of my other one and ruined it lol. So this time i want to keep a backup copy. Now heres the thing. I have ripped it onto my pc and now have the file . My acer aspire 5560 supports burning large files via dual layer discs, so am i good to go at burning this thing back onto a dual layer dvd and retaining the quality of the original? I know this dvd writer does not support watching blu ray movies on disc on my pc but im sure i can write one to a dual layer, correct?

[Pretty sure I'm Infected]

minitoolbox:

 

Result.txt

 

also a quick question. I noticed when i checked some processes earlier tonite, i have a factory installed backup tool called acer backup manager but i also have one called norton backup. I assume i only need one on this system so maybe if we had some free time in the next few days i can paste some info and we can see if i could possibly get rid of the norton one? Thanks

 

P.S. - after running minitoolbox,  I noticed my computer is running remarkably faster and way less laggy on certain websites and just faster in general which is great. Any reason why it is so night and day since running minitoolbox? Thanks !!

[Pretty sure I'm Infected]

still want me to run mini toolbox?

[Pretty sure I'm Infected]

error details coming up

[Pretty sure I'm Infected]

hmm cant make a restore point, getting an error. Help is appreciated

[Pretty sure I'm Infected]

Oh i also need instructions uninstalling combofix, otherwise the pc seems good

 

and thanks a lot for your help.

 

also noticed i have a process running i havent seen before.... its called

 

ieinstal.exe

 

any idea why thats running?

[Pretty sure I'm Infected]

Its a computer game HOD (Hidden Object Game), i thought that was weird too with it showing up in the security scan lol. Should I uninstall it or what do you figure? Updating Adobe now

[Pretty sure I'm Infected]

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 5.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 I SPY - Treasure Hunt
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[Pretty sure I'm Infected]

computer seems good and vuze still runs without java ( I only use vuze as a streaming device) so thats good. Pretty sure we are out of the woods. I still need to uninstall combofix, and i removed the pupblabber that malwarebytes picked up. Any other scans we should run or are we good?

[Pretty sure I'm Infected]

ran eset and it found things, one looks like an old firefox setup.exe (not sure why i kept it) that i dont use but i also have eset as my AV so it picked it up later and got rid of it. The other threat it found was a program called vuze which i thought was safe. I use it for converting files and streaming media to my xbox wirelessly. Should i uninstall it? That would suck since its handy for streaming videos and music, but let me know. It has a download portion as well, but i never use that. I only use it for streaming music and video to my xbox and phone.

 

eset.txt

[Pretty sure I'm Infected]

ok cool

 

i also have something weird happening with firefox now. Everytime i reboot my pc i am having to reinstall adobe flash plyer which is needed for many websites. any reason why that would happen?

[Pretty sure I'm Infected]

found the same thing as last time i think, other than that is my pc looking better and clean?

 

java log:

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Sep 03 23:29:18 2013

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.
 

[Pretty sure I'm Infected]

ok

[Pretty sure I'm Infected]

Bit of info, sun java update is still showing up in msconfig for startup but it is deselected.

[Pretty sure I'm Infected]

ok booting now and heres the log, looks like it worked on some stuff, but not on all:

 

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 03
Ran by Murry at 2013-09-03 21:52:07 Run:1
Running from C:\Users\Murry\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {BCD1766E-E353-45D4-855F-2D233904E295} URL = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=kw&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM4CA&apn_uid=B8E2EC7B-C583-4633-9512-D1944601DDF7&apn_sauid=F8557941-DADF-4B46-9B10-A0E66F30E789
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}
FF Extension: No Name - C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
C:\Users\Murry\AppData\Local\Temp\ccex.crx
C:\Users\Murry\AppData\Local\CRE\hphdpodilhoiknmoeaknhhmjnmmfigip.crx
C:\Users\Murry\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
C:\Users\Murry\AppData\Local\Temp\13-4_mobility_win7_win8_64_dd_ccc_whql.exe
C:\Users\Murry\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\Murry\AppData\Local\Temp\i4jdel0.exe
C:\Users\Murry\AppData\Local\Temp\clear.fiClient\cabarc.exe

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCD1766E-E353-45D4-855F-2D233904E295} => Key deleted successfully.
HKCR\CLSID\{BCD1766E-E353-45D4-855F-2D233904E295} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key deleted successfully.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}" => File/Directory not found.
C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi => Moved successfully.
C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi => Moved successfully.
C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi => Moved successfully.
"C:\Users\Murry\AppData\Local\Temp\ccex.crx" => File/Directory not found.
"C:\Users\Murry\AppData\Local\CRE\hphdpodilhoiknmoeaknhhmjnmmfigip.crx" => File/Directory not found.
"C:\Users\Murry\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => File/Directory not found.
C:\Users\Murry\AppData\Local\Temp\13-4_mobility_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Murry\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe => Moved successfully.
C:\Users\Murry\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Murry\AppData\Local\Temp\clear.fiClient\cabarc.exe => Moved successfully.

==== End of Fixlog ====

[Pretty sure I'm Infected]

ok doing it now

[Pretty sure I'm Infected]

hmmm i have an update for you.

 

While i was bored, i decided to run a malwarebytes scan since i havent done one in a week. It found something. It is to do with google chrome but the strange thing is i havent used google chrome as a browser in over a year or more. Should i clean the infected item and then uninstll google chrome, or close mlwrebytes, leave it as is for now and continue on until later?  malwarebytes log below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Murry :: MURRY-PC [administrator]

03/09/2013 9:24:35 PM
MBAM-log-2013-09-03 (21-29-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225211
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok (PUP.Optional.ATDheNetTVAp.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[Pretty sure I'm Infected]

Ok FarBar logs coming and i wasnt supposed to select fix correct? I didnt anyways but wanted to make sure. Also i ran the java remover and got a log with some errors. Maybe its because i manually uninstalled the current jav and didnt restart yet an then used the remover tool? Seems like all firefox instances of java werent removed and I had frefox closed as well... Not sure, but java log attached as well:

 

FRST.txtAddition.txtJavaRa.log

[Pretty sure I'm Infected]

P.S. is there a good program to make sure i install all instances of java fully?

[Pretty sure I'm Infected]

My bad on that, although I installed that a few days ago, it makes it easier for me to stream youtube and netflix etc. to my tv. I am certain it is a 100% legit product but my bad, i wont install anymore programs.

 

Farbar coming up.

[Pretty sure I'm Infected]

ComboFix.txt