The past few days my PC has been acting weird. Now today it won't access most common websites. I can't access Target, Walmart, Facebook, Amazon. But I can access Craigslist and a few other sites. The ones I can't access, the connection times out. My PC takes longer these days to boot up from a cold start. I ran HijackThis, and clicked on Analyze This, but the page that is supposed to load afterwards doesn't. Can someone help?


Hello,

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Thanks,

 

Kevin.....


Here is the FRST.Txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02
Ran by Mike (administrator) on TRON33 on 27-01-2014 15:29:24
Running from C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\ZBSQBZN9
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Xfire Inc.) C:\Program Files\Xfire\Xfire.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft) C:\Program Files\MR APP\MRAPP.UI.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\ZBSQBZN9\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [iObit Malware Fighter] - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-09] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
HKCU\...\Run: [Advanced SystemCare 7] - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-18] (IObit)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL =
SearchScopes: HKCU - DefaultScope {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL = http://www.inboxdollars.com/search/results?ourmark=4&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL = http://www.inboxdollars.com/search/results?ourmark=4&q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703132834.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvappfilter.dll [131072] (NVIDIA)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvappfilter.dll [131072] (NVIDIA)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvappfilter.dll [131072] (NVIDIA)
Winsock: Catalog9 19 %SYSTEMROOT%\system32\nvappfilter.dll [131072] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======


CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchURL: http://www.bing.com/search?FORM=U040DF&PC=U040&dt=080313&q={searchTerms}&src=IE-SearchBox
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-10-29]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-06] (Apache Software Foundation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2013-03-23] (IObit)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2013-11-19] (IObit.com)
S4 IntelIde; No ImagePath
U3 mfeavfk01; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-27 15:29 - 2014-01-27 15:29 - 00000000 ____D C:\FRST
2014-01-27 08:13 - 2014-01-27 08:13 - 00000929 _____ C:\Documents and Settings\Mike\Desktop\Continue Firefox Installation.lnk
2014-01-24 15:35 - 2014-01-24 15:35 - 00000000 ____D C:\Documents and Settings\Mike\Desktop\from camcorder
2014-01-24 11:14 - 2014-01-24 11:14 - 00000866 _____ C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2014-01-24 11:11 - 2014-01-24 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-24 11:11 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-24 11:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-24 11:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-24 11:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-24 11:11 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-24 11:10 - 2014-01-24 11:11 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-22 16:23 - 2014-01-27 15:13 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-22 16:23 - 2014-01-27 15:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-22 16:22 - 2014-01-27 08:50 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-22 16:22 - 2014-01-22 16:22 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 17:27 - 2014-01-15 17:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 15:05 - 2008-04-13 17:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-01-14 15:05 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-01-02 13:07 - 2014-01-02 13:07 - 00001727 _____ C:\Documents and Settings\All Users\Desktop\NCH Software.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000823 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000817 _____ C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000282 _____ C:\WINDOWS\Tasks\PixillionSevenDays.job

==================== One Month Modified Files and Folders =======

2014-01-27 15:29 - 2014-01-27 15:29 - 00000000 ____D C:\FRST
2014-01-27 15:28 - 2013-02-26 07:50 - 00012736 _____ C:\WINDOWS\system32\nvAppTimestamps
2014-01-27 15:23 - 2012-04-09 18:26 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 15:23 - 2012-04-04 21:41 - 00000000 _____ C:\WINDOWS\system32\nmp.log
2014-01-27 15:15 - 2012-04-04 20:23 - 01606599 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 15:13 - 2014-01-22 16:23 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-27 15:13 - 2014-01-22 16:23 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-27 15:13 - 2005-08-31 07:59 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-27 15:12 - 2013-10-29 08:08 - 00000274 _____ C:\WINDOWS\Tasks\Driver Booster Update.job
2014-01-27 15:12 - 2013-10-29 08:08 - 00000272 _____ C:\WINDOWS\Tasks\Driver Booster Scan.job
2014-01-27 15:12 - 2013-10-29 08:00 - 00000266 _____ C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2014-01-27 15:12 - 2012-04-09 18:26 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 15:12 - 2012-04-04 20:42 - 00000000 ____D C:\WINDOWS\system32\Lang
2014-01-27 15:12 - 2012-04-04 20:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-27 08:50 - 2014-01-22 16:22 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 08:50 - 2013-02-28 22:04 - 00507014 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-01-27 08:50 - 2013-02-28 22:04 - 00160782 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-27 08:50 - 2012-04-04 20:28 - 00000178 ___SH C:\Documents and Settings\Mike\ntuser.ini
2014-01-27 08:50 - 2012-04-04 20:28 - 00000000 ____D C:\Documents and Settings\Mike
2014-01-27 08:22 - 2012-04-06 09:22 - 00281872 _____ C:\WINDOWS\system32\PnkBstrB.xtr
2014-01-27 08:22 - 2012-04-05 08:06 - 00281872 _____ C:\WINDOWS\system32\PnkBstrB.exe
2014-01-27 08:22 - 2012-04-05 08:06 - 00139280 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-01-27 08:13 - 2014-01-27 08:13 - 00000929 _____ C:\Documents and Settings\Mike\Desktop\Continue Firefox Installation.lnk
2014-01-27 07:51 - 2012-04-04 21:02 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-01-27 07:32 - 2012-07-04 06:55 - 00000000 ____D C:\Documents and Settings\Mike\Desktop\Unused Desktop Shortcuts
2014-01-27 07:05 - 2012-04-05 08:06 - 00281872 _____ C:\WINDOWS\system32\PnkBstrB.ex0
2014-01-26 08:51 - 2012-04-04 21:02 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-01-24 15:35 - 2014-01-24 15:35 - 00000000 ____D C:\Documents and Settings\Mike\Desktop\from camcorder
2014-01-24 15:33 - 2012-04-12 04:40 - 00000000 ____D C:\Program Files\Xfire
2014-01-24 11:14 - 2014-01-24 11:14 - 00000866 _____ C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2014-01-24 11:14 - 2013-10-29 07:53 - 00001846 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2014-01-24 11:14 - 2013-10-29 07:53 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\IObit
2014-01-24 11:14 - 2013-10-29 07:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 7
2014-01-24 11:11 - 2014-01-24 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-24 11:11 - 2014-01-24 11:10 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-24 11:11 - 2013-03-27 17:01 - 00000000 ____D C:\Program Files\Java
2014-01-22 16:22 - 2014-01-22 16:22 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-22 10:49 - 2012-04-04 21:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-22 10:45 - 2012-04-04 13:19 - 00613438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-20 16:16 - 2012-08-23 16:42 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\Wizard101
2014-01-17 11:55 - 2013-03-12 11:34 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-15 17:31 - 2013-08-08 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 17:27 - 2014-01-15 17:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 17:27 - 2012-04-04 23:33 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-02 13:07 - 2014-01-02 13:07 - 00001727 _____ C:\Documents and Settings\All Users\Desktop\NCH Software.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000823 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000817 _____ C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk
2014-01-02 13:07 - 2014-01-02 13:07 - 00000282 _____ C:\WINDOWS\Tasks\PixillionSevenDays.job
2014-01-02 13:07 - 2013-03-15 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2014-01-02 13:07 - 2013-03-15 11:51 - 00000000 ____D C:\Program Files\NCH Software
2014-01-01 09:08 - 2012-04-28 05:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_Firefox_Setup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\jre-7u51-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Also the addition.txt is attached.

Addition.txt


I recommend that all references to IOBit and Advanced System care are UNinstalled ASAP, that software is bad news....

There are two firewalls installed, McAfee and ActiveArmor. McAfee is part of a suite, uninstall ActiveArmor ASAP.

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


 

Let me see those logs...

 

Kevin..

 

 

fixlist.txt
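
An added example, not part of the original thread and not FRST's own code: the FRST.txt above reports an enabled Internet Explorer proxy at 127.0.0.1:16110. A proxy on a loopback address hands browser traffic to whatever local program listens on that port, and requests fail if nothing is listening there. The Python below parses the two Proxy lines in the format that log prints them and flags loopback targets; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the format of the "Internet" section of the FRST.txt in this thread.
SAMPLE_FRST = """\
==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110;
Tcpip\\Parameters: [DhcpNameServer] 192.168.1.254
"""

# host[:port], with optional [] around an IPv6 literal.
_TARGET = re.compile(r"^\[?(?P<host>[^\]]+?)\]?(?::(?P<port>\d+))?$")


def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Handles both forms the setting can take:
      'host:port'                          -> one proxy for all protocols ("all")
      'http=host:port;https=host:port;'    -> one proxy per protocol
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        # Drop a leading "http://" style prefix if one was stored.
        target = re.sub(r"^[a-z]+://", "", target.strip(), flags=re.I)
        match = _TARGET.match(target)
        if not match:
            continue
        port = match.group("port")
        entries[scheme.strip().lower()] = (
            match.group("host"),
            int(port) if port else None,
        )
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IP literal in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname; not resolved here


def find_loopback_proxy(log_text):
    """Return one finding per protocol whose proxy points at the local machine."""
    enabled = False
    servers = {}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("ProxyEnable:"):
            # Matches the wording FRST printed in this thread's log.
            enabled = "is enabled" in line
        elif line.startswith("ProxyServer:"):
            servers = parse_proxy_server(line.split(":", 1)[1])
    return [
        {"scheme": scheme, "host": host, "port": port, "enabled": enabled}
        for scheme, (host, port) in sorted(servers.items())
        if is_loopback(host)
    ]


if __name__ == "__main__":
    for finding in find_loopback_proxy(SAMPLE_FRST):
        print(finding)
```

A finding here is a prompt to identify which program owns the listed port, not proof of malware: some security and filtering products install a local proxy on purpose.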


Sorry for taking long to respond back, Malwarebytes took a looong time to run.

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-01-2014 02
Ran by Mike at 2014-01-27 16:37:33 Run:1
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110;
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_Firefox_Setup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_Firefox_Setup[1].exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.

==== End of Fixlog ====

 

Here is Malwarebytes Log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: TRON33 [administrator]

1/27/2014 4:44:47 PM
mbam-log-2014-01-27 (16-44-47).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 449705
Time elapsed: 3 hour(s), 38 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\Tuguu SL\DownQuick (PUP.Optional.Tuguu.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Program Files\Flvto Youtube Downloader\adsetup.exe (PUP.Optional.InstallMonetizer.A) -> Quarantined and deleted successfully.

(end)

 

And last is AdwCleaner:

 

# AdwCleaner v3.017 - Report created 27/01/2014 at 23:17:16
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mike - TRON33
# Running from : C:\Documents and Settings\Mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\eSupport.com
Folder Deleted : C:\Documents and Settings\Mike\Application Data\NCH Software
File Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4219427B-0228-4356-A78B-EB7668D37D07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [4702 octets] - [27/01/2014 23:12:42]
AdwCleaner[s0].txt - [4599 octets] - [27/01/2014 23:17:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4659 octets] ##########

Link to post
Share on other sites
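The fixlog in the post above shows FRST deleting `ProxyEnable` and a `ProxyServer` value that pointed both http and https at 127.0.0.1:16110. As an added example (not part of the original thread and not FRST's own code), this Python script scans FRST-style log text for `ProxyServer` entries that route browser traffic to a loopback address. The sample log is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the FRST lines quoted in this thread.
SAMPLE_LOG = """\
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110;
ProxyServer: proxy.example.internal:8080
ProxyServer: http=localhost:8888;ftp=10.0.0.5:3128
"""

PROXY_SERVER = re.compile(r"^\s*ProxyServer:\s*(.+)$")
PROXY_ENABLE = re.compile(r"^\s*ProxyEnable:.*\benabled\b", re.IGNORECASE)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles the single 'host:port' form (scheme reported as '*') and the
    per-protocol 'http=host:port;https=host:port;' form.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                          # no 'scheme=' prefix
            scheme, target = "*", part
        target = target.split("//", 1)[-1]   # drop an optional 'http://'
        if target.startswith("["):           # bracketed IPv6 literal
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, colon, port = target.rpartition(":")
            if not colon:                    # no port given
                host, port = target, ""
        entries.append((scheme.lower(), host,
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; resolving it is out of scope here


def scan_frst_log(text):
    """Report whether a proxy is enabled and list loopback proxy entries."""
    result = {"proxy_enabled": False, "loopback": []}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PROXY_ENABLE.match(line):
            result["proxy_enabled"] = True
        match = PROXY_SERVER.match(line)
        if match:
            for scheme, host, port in parse_proxy_server(match.group(1)):
                if is_loopback(host):
                    result["loopback"].append((lineno, scheme, host, port))
    return result


if __name__ == "__main__":
    report = scan_frst_log(SAMPLE_LOG)
    print("proxy enabled:", report["proxy_enabled"])
    for lineno, scheme, host, port in report["loopback"]:
        print(f"line {lineno}: {scheme} -> {host}:{port} (loopback proxy)")
```

A loopback proxy is not malicious by itself, since some security products and debugging tools install one; the finding is a prompt to identify which local process owns the port.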

Thanks for the update, do the following:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Next,

 

Download and install CCleaner from here: http://www.piriform.com/ccleaner/builds Make sure to opt for the "Slim version" that will have no toolbar additions.

 

When CCleaner is installed, run that program and select Tools > Start up > Windows tab. That will show the startup entries for Windows. In the bottom right-hand corner, click on "Save to text file", save that file, and post it with your next log.

 

Kevin

Link to post
Share on other sites

Here is the Checkup.txt:

 

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 51 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

 

Here is Startup.txt:

 

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 51 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Ooops, sorry. Here is startup.txt:

 

Yes HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run Google Update Google Inc. "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run mcui_exe McAfee, Inc. "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run Nvtmru NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\qttask.exe" -atboottime
Yes HKLM:Run RemoteControl Cyberlink Corp. "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Yes HKLM:Run RTHDCPL Realtek Semiconductor Corp. RTHDCPL.EXE
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common Adobe Gamma Loader.lnk Adobe Systems, Inc. C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Yes Startup User Xfire.lnk Xfire Inc. C:\Program Files\Xfire\Xfire.exe
 

Link to post
Share on other sites

Ok here is the list color coded,

 

Items in Green leave as they are

 

Items in Red can be disabled

 

Items in Blue are your choice: if you definitely need that service to run at boot, treat it as Green; if you can manually start it as and when you need it later, treat it as Red

 

So run CCleaner, Select > Tools > Start up > Windows tab. That will show the startup entries for Windows. Select each entry that needs changing, in the Right hand pane select the required command. Disable to stop the service at boot, or Enable if you want to change back...

 

Yes HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run Google Update Google Inc. "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run mcui_exe McAfee, Inc. "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run Nvtmru NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\qttask.exe" -atboottime
Yes HKLM:Run RemoteControl Cyberlink Corp. "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

Yes HKLM:Run RTHDCPL Realtek Semiconductor Corp. RTHDCPL.EXE
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common Adobe Gamma Loader.lnk Adobe Systems, Inc. C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Yes Startup User Xfire.lnk Xfire Inc. C:\Program Files\Xfire\Xfire.exe

 

Let me know if that helps/makes a difference. Also tell me if any remaining issues or concerns....

 

Kevin

Link to post
Share on other sites

OK, this is the revised Startup.TxT:

 

 

Yes HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
No HKCU:Run Google Update Google Inc. "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run mcui_exe McAfee, Inc. "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
No HKLM:Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run Nvtmru NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\qttask.exe" -atboottime
No HKLM:Run RemoteControl Cyberlink Corp. "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Yes HKLM:Run RTHDCPL Realtek Semiconductor Corp. RTHDCPL.EXE
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No Startup Common Adobe Gamma Loader.lnk Adobe Systems, Inc. C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Yes Startup User Xfire.lnk Xfire Inc. C:\Program Files\Xfire\Xfire.exe
 

 

After clicking on Disable for the ones I don't want starting, is there some sort of save button or apply button that I am supposed to use?

Link to post
Share on other sites

OK, I think I did something I shouldn't have. I always hear Firefox is a better browser, so I tried to install it. I googled Mozilla Firefox and all kinds of websites popped up. I looked at one that said it was 2014, so I went to download it. When I clicked on install, it said it was bundled with a bunch of other programs I might find useful. There was no box to uncheck to say I didn't want them. Red flag in my mind popped up. Then looking at the description, there were some funny characters in the middle of a word instead of the letters. 2nd red flag. I didn't install it. I then left and googled it again. This time I looked at the website it was coming from. I found one I thought was secure so I downloaded that one. I clicked on install, and nothing said I was getting other programs with this install. After Firefox was installed, I tried to go to the Google homepage. It wouldn't let me, saying my connection was not secure. Anything I tried to open, it says the same thing, that my connection was not secure. If I clicked on the "I understand the consequences", it then tells me that something might be tampering with my connection. I uninstalled Firefox. System seems to still be running fine, just wanted to let you know what I did.

Link to post
Share on other sites

Run the following, see what comes up..

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs....

Link to post
Share on other sites

Here is the Adware:

 

# AdwCleaner v3.018 - Report created 30/01/2014 at 14:44:33
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mike - TRON33
# Running from : C:\Documents and Settings\Mike\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4702 octets] - [27/01/2014 23:12:42]
AdwCleaner[R1].txt - [714 octets] - [30/01/2014 14:44:33]
AdwCleaner[s0].txt - [4739 octets] - [27/01/2014 23:17:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [833 octets] ##########

 

 

Here is Malware:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: TRON33 [administrator]

1/30/2014 2:47:53 PM
mbam-log-2014-01-30 (14-47-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261002
Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Adware reposted:

 

 

# AdwCleaner v3.018 - Report created 31/01/2014 at 07:11:17
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mike - TRON33
# Running from : C:\Documents and Settings\Mike\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4702 octets] - [27/01/2014 23:12:42]
AdwCleaner[R1].txt - [912 octets] - [30/01/2014 14:44:33]
AdwCleaner[R2].txt - [773 octets] - [31/01/2014 07:11:17]
AdwCleaner[s0].txt - [4739 octets] - [27/01/2014 23:17:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [892 octets] ##########

 

 

 

 

Malwarebytes:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: TRON33 [administrator]

1/30/2014 2:47:53 PM
mbam-log-2014-01-30 (14-47-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261002
Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Sorry for the repost, when I looked it wasn't showing that I posted those logs. After posting them again, they now showed. Everything seems good, the system boots up a lot faster now with all those other programs not loading at start. Do you have a link to a clean install of Mozilla Firefox?

Link to post
Share on other sites

Ok we can clean up, Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

This is the link to Mozilla Firefox that I use: http://www.mozilla.org/en-US/firefox/new/

 

I use these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open, press these keys together: Ctrl + Shift + A. That will open the Add-ons Manager, which gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if any remaining issues or concerns..

 

Kevin...

fixlist.txt

Link to post
Share on other sites
