
Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post both logs in your next reply.

 

Kevin


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Re-run FRST and post the fresh log...

 

Let me see those logs...

 

Kevin

fixlist.txt


OK...here are the logs from AdwCleaner and FRST

logs separated by a triple **************************************** line.

 

 

**************************************************************************************

**************************************************************************************

**************************************************************************************

 

 

# AdwCleaner v3.018 - Report created 04/02/2014 at 12:05:10

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Linus Toy - LT-R835

# Running from : C:\Users\Linus Toy\Desktop\Virus Removal\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\LINUST~1\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\LINUST~1\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Linus Toy\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

Folder Deleted : C:\Users\Linus Toy\AppData\Roaming\digitalsite

Folder Deleted : C:\Users\Linus Toy\AppData\Roaming\pdfforge

File Deleted : C:\Users\Linus Toy\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 


 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\Linus Toy\AppData\Roaming\Mozilla\Firefox\Profiles\3gx7hh6h.default-1386160440000\prefs.js ]

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [6751 octets] - [04/02/2014 12:02:44]

AdwCleaner[s0].txt - [6246 octets] - [04/02/2014 12:05:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6306 octets] ##########

 
 
 

*****************************************************************************************************

*****************************************************************************************************

*****************************************************************************************************

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014

Ran by Linus Toy (administrator) on LT-R835 on 04-02-2014 12:17:19

Running from C:\Users\Linus Toy\Desktop\Virus Removal

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Brand Affinity Technologies) C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\ProgramData\Rpcnet\Bin\rpcld.exe

(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Akamai Technologies, Inc.) C:\Users\Linus Toy\AppData\Local\Akamai\netsession_win.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

() C:\Users\Linus Toy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Akamai Technologies, Inc.) C:\Users\Linus Toy\AppData\Local\Akamai\netsession_win.exe

(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Dropbox, Inc.) C:\Users\Linus Toy\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\System32\ipconfig.exe

(Microsoft Corporation) C:\Windows\System32\ipconfig.exe

(Microsoft Corporation) C:\Windows\System32\ipconfig.exe

(Microsoft Corporation) C:\Windows\System32\ipconfig.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [X]

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)

HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-09-24] (Microsoft Corporation)

HKLM\...\Run: [intelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-07] (Intel® Corporation)

HKLM\...\Run: [TosNC] - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

HKLM\...\Run: [TosReelTimeMonitor] - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-10-28] (Absolute Software)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [] - [X]

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [PhotoshopElements8SyncAgent] - C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe [1954456 2011-09-01] (Adobe Systems Incorporated)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Linus Toy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [Amazon Cloud Player] - C:\Users\Linus Toy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\Run: [Anemhooqreewakb] - "C:\Users\Linus Toy\AppData\Roaming\Izidzip\reucyp.exe"

HKU\S-1-5-21-1313106131-3742404188-1131344270-1000\...\MountPoints2: {04c41bce-fc27-11e0-8028-806e6f6e6963} - D:\Autorun.exe

Startup: C:\Users\Linus Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Linus Toy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Linus Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk

ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe ()

 

==================== Internet (Whitelisted) ====================

 

SearchScopes: HKLM - DefaultScope {2571F6B8-B31C-4C00-8A94-0A4C2C15AC7D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {2571F6B8-B31C-4C00-8A94-0A4C2C15AC7D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9A6BE312-5355-4223-82FA-99EE28C576E2}

SearchScopes: HKLM-x32 - {706EBB6C-2474-D8A1-F384-7EFC3AA2F489} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}

SearchScopes: HKCU - {2571F6B8-B31C-4C00-8A94-0A4C2C15AC7D} URL = 

SearchScopes: HKCU - {706EBB6C-2474-D8A1-F384-7EFC3AA2F489} URL = http://isearch.avg.com/search?cid={DAC4A5AF-FC1C-400B-8136-6DDECD5B1267}&mid=ccb8f30ae19047d0b9ac39d4c1f21edc-3d758443274a831399b14fe8cf64666876fe9368&lang=en&ds=ac011&pr=sa&d=2012-06-05 21:40:03&v=11.1.0.7&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {9A6BE312-5355-4223-82FA-99EE28C576E2} URL = 

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (Brand Affinity Technologies)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Linus Toy\AppData\Roaming\Mozilla\Firefox\Profiles\3gx7hh6h.default-1386160440000

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Thumbnail Zoom Plus - C:\Users\Linus Toy\AppData\Roaming\Mozilla\Firefox\Profiles\3gx7hh6h.default-1386160440000\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-12-05]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-05]

FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-28]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-05]

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]

CHR Extension: (Google Drive) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]

CHR Extension: (YouTube) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]

CHR Extension: (Google Search) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]

CHR Extension: (Google Wallet) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]

CHR Extension: (Fantapper) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-01-09]

CHR Extension: (Gmail) - C:\Users\Linus Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]

CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\fantapper_0941e80o8q2l.crx [2011-12-12]

 

==================== Services (Whitelisted) =================

 

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-11-12] (CrashPlan)

R2 FTSvc; C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-12] (Brand Affinity Technologies)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)

R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-07] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [229376 2012-03-28] (Visioneer Inc.)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

S3 ZuneWlanCfgSvc; C:\windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)

R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-09-26] (http://libusb-win32.sourceforge.net)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-11-29] (CACE Technologies, Inc.)

S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-04 12:02 - 2014-02-04 12:05 - 00000000 ____D () C:\AdwCleaner

2014-02-04 11:25 - 2014-02-04 11:55 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Izidzip

2014-02-04 10:36 - 2014-02-04 12:17 - 00000000 ____D () C:\FRST

2014-02-04 09:43 - 2014-02-04 09:43 - 00029324 _____ () C:\Users\Linus Toy\Desktop\dds.txt

2014-02-04 09:43 - 2014-02-04 09:43 - 00018041 _____ () C:\Users\Linus Toy\Desktop\attach.txt

2014-02-04 09:38 - 2014-02-04 12:17 - 00000000 ____D () C:\Users\Linus Toy\Desktop\Virus Removal

2014-02-04 09:34 - 2014-02-04 09:35 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Linus Toy\Downloads\mbar-1.07.0.1009.exe

2014-02-03 21:04 - 2014-02-03 21:04 - 01845760 _____ () C:\Users\Linus Toy\Downloads\class2.ppt

2014-01-28 13:43 - 2014-01-28 13:43 - 00000000 _____ () C:\Users\Linus Toy\AppData\Roaming\SharedSettings.ccs

2014-01-27 17:03 - 2014-01-27 17:03 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\{26D4C4F8-3AFD-49BA-A008-569BD2ADF1B3}

2014-01-26 22:51 - 2014-01-26 23:10 - 3320903680 _____ () C:\Users\Linus Toy\Downloads\en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso

2014-01-26 22:26 - 2014-01-26 22:26 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\rmi

2014-01-26 22:25 - 2014-01-26 22:25 - 00486808 _____ () C:\Users\Linus Toy\Downloads\imgburn-2.5.8.0.exe

2014-01-26 09:23 - 2014-01-26 09:25 - 88137586 _____ () C:\Users\Linus Toy\Downloads\2522 Data at 12 Jan 14.zip

2014-01-25 21:46 - 2014-01-25 21:46 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-25 21:44 - 2014-01-25 21:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-25 21:44 - 2014-01-25 21:46 - 00000000 ____D () C:\Program Files\iTunes

2014-01-25 21:44 - 2014-01-25 21:46 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-01-25 21:44 - 2014-01-25 21:44 - 00000000 ____D () C:\Program Files\iPod

2014-01-25 15:15 - 2014-01-25 15:25 - 1505925120 _____ () C:\Users\Linus Toy\Downloads\en_office_professional_plus_2013_x86_x64_dvd_1135709.iso

2014-01-21 23:32 - 2014-01-21 23:33 - 146401314 _____ () C:\Users\Linus Toy\Downloads\Kendal Toy floor.zip

2014-01-21 12:14 - 2014-01-21 12:14 - 01135249 _____ () C:\Users\Linus Toy\Downloads\2014-01-21 Contacts Texas Dreams Parents Club.xml

2014-01-16 14:58 - 2014-01-16 14:58 - 00005884 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (2) (Autosaved).xml

2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\{B7227F10-7564-410C-8C3E-74C4F8F5335B}

2014-01-16 07:59 - 2014-01-16 07:59 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Oracle

2014-01-16 07:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-16 07:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-01-16 07:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-01-16 07:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-01-16 07:35 - 2014-01-16 07:37 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-16 07:26 - 2014-01-16 07:26 - 00000000 ____D () C:\ProgramData\Free Download Manager

2014-01-15 10:51 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys

2014-01-15 10:51 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

2014-01-15 10:51 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys

2014-01-15 10:51 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-01-14 15:06 - 2014-01-14 15:06 - 00013181 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (2).xml

2014-01-14 15:05 - 2014-01-16 14:59 - 00077868 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club.xml

2014-01-14 15:05 - 2014-01-16 14:58 - 00031248 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (1).xml

2014-01-14 15:04 - 2014-01-14 15:04 - 00108143 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (3).xml

2014-01-14 15:03 - 2014-01-14 15:03 - 00467560 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (2).xml

2014-01-14 15:02 - 2014-01-14 15:02 - 00095539 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (1).xml

2014-01-14 14:59 - 2014-01-16 14:57 - 00739214 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club.xml

2014-01-13 08:27 - 2014-01-13 08:27 - 00743704 _____ () C:\Users\Linus Toy\Downloads\AA_v3.3.exe

2014-01-13 08:27 - 2014-01-13 08:27 - 00743704 _____ () C:\Users\Linus Toy\Downloads\AA_v3.3 (1).exe

2014-01-09 07:16 - 2014-02-04 07:38 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-08 21:38 - 2014-01-08 21:38 - 00000010 _____ () C:\Users\Linus Toy\{B4B41B75-6D9A-4F35-BB45-30A0F5E0B92B}.tmp

2014-01-07 17:16 - 2014-01-07 17:17 - 00000000 ____D () C:\Users\Linus Toy\Documents\People

 

==================== One Month Modified Files and Folders =======

 

2014-02-04 12:17 - 2014-02-04 10:36 - 00000000 ____D () C:\FRST

2014-02-04 12:17 - 2014-02-04 09:38 - 00000000 ____D () C:\Users\Linus Toy\Desktop\Virus Removal

2014-02-04 12:12 - 2012-03-14 23:59 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Dropbox

2014-02-04 12:09 - 2012-09-26 08:51 - 00000000 ___RD () C:\Users\Linus Toy\Google Drive

2014-02-04 12:07 - 2012-11-25 15:03 - 00017920 _____ () C:\windows\system32\rpcnetp.exe

2014-02-04 12:07 - 2012-11-23 17:42 - 00069792 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll

2014-02-04 12:07 - 2012-09-26 08:49 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-04 12:06 - 2011-03-01 13:01 - 00055909 _____ () C:\windows\setupact.log

2014-02-04 12:06 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-02-04 12:05 - 2014-02-04 12:02 - 00000000 ____D () C:\AdwCleaner

2014-02-04 12:05 - 2011-10-21 14:37 - 01187240 _____ () C:\windows\WindowsUpdate.log

2014-02-04 12:05 - 2009-07-13 22:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-04 12:05 - 2009-07-13 22:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-04 11:55 - 2014-02-04 11:25 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Izidzip

2014-02-04 11:55 - 2012-01-01 03:43 - 00083728 _____ () C:\windows\PFRO.log

2014-02-04 11:26 - 2012-09-26 08:49 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-04 11:23 - 2012-06-30 16:53 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-02-04 09:43 - 2014-02-04 09:43 - 00029324 _____ () C:\Users\Linus Toy\Desktop\dds.txt

2014-02-04 09:43 - 2014-02-04 09:43 - 00018041 _____ () C:\Users\Linus Toy\Desktop\attach.txt

2014-02-04 09:35 - 2014-02-04 09:34 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Linus Toy\Downloads\mbar-1.07.0.1009.exe

2014-02-04 09:20 - 2012-05-28 23:31 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\23B61C49-226F-4A0B-9F3B-BDCD00375ACF.aplzod

2014-02-04 09:00 - 2012-01-14 17:45 - 00000000 ____D () C:\Users\Linus Toy\Documents\Outlook Files

2014-02-04 07:38 - 2014-01-09 07:16 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-02-04 06:26 - 2011-12-27 19:47 - 00000000 ____D () C:\Users\Linus Toy

2014-02-04 06:11 - 2012-11-25 15:04 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.dll

2014-02-04 06:10 - 2012-11-25 15:03 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.exe

2014-02-03 21:04 - 2014-02-03 21:04 - 01845760 _____ () C:\Users\Linus Toy\Downloads\class2.ppt

2014-02-02 11:14 - 2013-05-20 01:00 - 00000000 ____D () C:\Users\Linus Toy\Desktop\Older PC Photos

2014-02-02 08:59 - 2012-08-31 22:01 - 00000066 _____ () C:\Users\Linus Toy\Documents\tempFolderPath.dat

2014-01-28 13:50 - 2012-07-17 23:12 - 00000000 ____D () C:\Users\Linus Toy\Documents\Tech

2014-01-28 13:43 - 2014-01-28 13:43 - 00000000 _____ () C:\Users\Linus Toy\AppData\Roaming\SharedSettings.ccs

2014-01-27 17:03 - 2014-01-27 17:03 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\{26D4C4F8-3AFD-49BA-A008-569BD2ADF1B3}

2014-01-27 17:03 - 2009-07-13 23:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI

2014-01-26 23:10 - 2014-01-26 22:51 - 3320903680 _____ () C:\Users\Linus Toy\Downloads\en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso

2014-01-26 22:27 - 2012-04-30 15:04 - 00001876 _____ () C:\Users\Public\Desktop\ImgBurn.lnk

2014-01-26 22:26 - 2014-01-26 22:26 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\rmi

2014-01-26 22:25 - 2014-01-26 22:25 - 00486808 _____ () C:\Users\Linus Toy\Downloads\imgburn-2.5.8.0.exe

2014-01-26 16:41 - 2011-01-04 21:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-01-26 09:25 - 2014-01-26 09:23 - 88137586 _____ () C:\Users\Linus Toy\Downloads\2522 Data at 12 Jan 14.zip

2014-01-25 21:46 - 2014-01-25 21:46 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-25 21:46 - 2014-01-25 21:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-25 21:46 - 2014-01-25 21:44 - 00000000 ____D () C:\Program Files\iTunes

2014-01-25 21:46 - 2014-01-25 21:44 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-01-25 21:44 - 2014-01-25 21:44 - 00000000 ____D () C:\Program Files\iPod

2014-01-25 21:39 - 2012-01-13 11:34 - 00000000 ____D () C:\ProgramData\Apple

2014-01-25 15:25 - 2014-01-25 15:15 - 1505925120 _____ () C:\Users\Linus Toy\Downloads\en_office_professional_plus_2013_x86_x64_dvd_1135709.iso

2014-01-25 06:10 - 2012-02-28 22:53 - 00000000 ____D () C:\Users\Linus Toy\Documents\Family

2014-01-21 23:33 - 2014-01-21 23:32 - 146401314 _____ () C:\Users\Linus Toy\Downloads\Kendal Toy floor.zip

2014-01-21 12:14 - 2014-01-21 12:14 - 01135249 _____ () C:\Users\Linus Toy\Downloads\2014-01-21 Contacts Texas Dreams Parents Club.xml

2014-01-20 07:21 - 2011-12-27 19:47 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\Adobe

2014-01-20 07:20 - 2012-06-30 16:53 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-01-20 07:20 - 2012-03-30 09:33 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-20 07:20 - 2011-12-31 19:21 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-19 01:33 - 2011-01-24 11:48 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2014-01-17 23:05 - 2012-07-27 16:42 - 00370688 ___SH () C:\Users\Linus Toy\Desktop\Thumbs.db

2014-01-16 18:15 - 2013-11-09 12:00 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Free Download Manager

2014-01-16 14:59 - 2014-01-14 15:05 - 00077868 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club.xml

2014-01-16 14:58 - 2014-01-16 14:58 - 00005884 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (2) (Autosaved).xml

2014-01-16 14:58 - 2014-01-14 15:05 - 00031248 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (1).xml

2014-01-16 14:57 - 2014-01-14 14:59 - 00739214 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club.xml

2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\{B7227F10-7564-410C-8C3E-74C4F8F5335B}

2014-01-16 08:01 - 2012-04-03 01:23 - 00000000 ____D () C:\Program Files (x86)\Java

2014-01-16 08:00 - 2013-11-15 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-01-16 07:59 - 2014-01-16 07:59 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Oracle

2014-01-16 07:58 - 2013-11-06 12:09 - 00000000 ____D () C:\ProgramData\Oracle

2014-01-16 07:37 - 2014-01-16 07:35 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-16 07:26 - 2014-01-16 07:26 - 00000000 ____D () C:\ProgramData\Free Download Manager

2014-01-16 07:07 - 2009-07-13 22:45 - 00427216 _____ () C:\windows\system32\FNTCACHE.DAT

2014-01-16 06:41 - 2013-08-14 23:13 - 00000000 ____D () C:\windows\system32\MRT

2014-01-16 06:27 - 2011-01-24 15:56 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-14 15:06 - 2014-01-14 15:06 - 00013181 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Donations Texas Dreams Parents Club (2).xml

2014-01-14 15:04 - 2014-01-14 15:04 - 00108143 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (3).xml

2014-01-14 15:03 - 2014-01-14 15:03 - 00467560 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (2).xml

2014-01-14 15:02 - 2014-01-14 15:02 - 00095539 _____ () C:\Users\Linus Toy\Downloads\2014-01-14 Contacts Texas Dreams Parents Club (1).xml

2014-01-13 08:27 - 2014-01-13 08:27 - 00743704 _____ () C:\Users\Linus Toy\Downloads\AA_v3.3.exe

2014-01-13 08:27 - 2014-01-13 08:27 - 00743704 _____ () C:\Users\Linus Toy\Downloads\AA_v3.3 (1).exe

2014-01-10 13:49 - 2012-03-15 00:01 - 00001036 _____ () C:\Users\Linus Toy\Desktop\Dropbox.lnk

2014-01-10 13:49 - 2012-03-14 23:59 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-01-10 13:49 - 2011-12-27 19:47 - 00000000 ___RD () C:\Users\Linus Toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-09 07:15 - 2012-09-26 08:49 - 00000000 ____D () C:\Program Files (x86)\Google

2014-01-08 22:12 - 2012-01-13 11:37 - 00000000 ____D () C:\Users\Linus Toy\AppData\Local\Apple Computer

2014-01-08 22:11 - 2012-01-13 11:37 - 00000000 ____D () C:\Users\Linus Toy\AppData\Roaming\Apple Computer

2014-01-08 21:38 - 2014-01-08 21:38 - 00000010 _____ () C:\Users\Linus Toy\{B4B41B75-6D9A-4F35-BB45-30A0F5E0B92B}.tmp

2014-01-07 17:17 - 2014-01-07 17:16 - 00000000 ____D () C:\Users\Linus Toy\Documents\People

 

Some content of TEMP:

====================

C:\Users\Linus Toy\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-29 20:46

 

==================== End Of Log ============================

 

*****************************************************************************************************

*****************************************************************************************************

*****************************************************************************************************


The same infection returns again, ok we continue...

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 

  • Internet access
  • Windows Update
  • Windows Firewall
 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

 

 

 

fixlist.txt


OK...the second MBAR scan finally finished (it's a large drive, fairly cluttered).

Attached the requested logs.  

 

During the 1st MBAR scan, it noted a bad file, but by the time the scan was finished, and before any cleaning opportunity, the file had apparently been removed/isolated?  Both MBAM and MSE were running during the scan.  MBAR noted nothing needed to be cleaned.

 

2nd MBAR scan was clean.  

 

I'll start checking operational stability next...so far, I haven't been seeing the MBAM messages on the Trojan.BitcoinMiner like I was before (almost constantly popping up before) so you may have hit it!  

 

Thanks, and I will report back after a few hours or tomorrow with an update.

Fixlog.txt

mbar-log-2014-02-04 (12-54-37).txt

mbar-log-2014-02-04 (15-35-40).txt

system-log.txt


Thanks for those logs, looks like we still have a problem. MBAR flagged the following entry but makes no fix:

 


 

C:\Users\Linus Toy\AppData\Local\Temp\is357113909\186781388_stp\wajam_validate.exe

 

Download tfc_icon.png TFC  to your desktop, from either of the following links

 

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

 

If your security alerts to TFC, accept the alert and let it run, or turn off security to let it run..

 

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.
 

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

 

Next,

 

Update Malwarebytes and run a Quick scan, kill anything it finds... Post that log...

 

Next,

 

Run FRST, post fresh log..

 

Kevin...


Logs look good now, the problem file generating the infection was running from a temp folder, TFC will have cleared that... Ok couple of checks to finish off...

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin


Thanks!...looks like the cleanup items are in FRST's Quarantine; the FTP app from years ago!

 

JRT log attached.

ESET SCAN follows:

***************************

***************************

C:\FRST\Quarantine\bjmqigog.exe04-02-2014_11-25-37 a variant of Win32/Injector.AWZN trojan

C:\FRST\Quarantine\cxeedilr.exe04-02-2014_11-25-37 a variant of Win32/Injector.AWXI trojan

C:\FRST\Quarantine\etasqarv.exe04-02-2014_11-25-36 a variant of Win32/Kryptik.BUFN trojan

C:\FRST\Quarantine\UpdateFlashPlayer_59c940cb.exe04-02-2014_11-25-40 a variant of Win32/Kryptik.BUHQ trojan

C:\FRST\Quarantine\Izidzip04-02-2014_11-25-37\reucyp.exe a variant of Win32/Kryptik.BUHQ trojan

C:\Users\Linus Toy\Documents\2007-09 Backups\Liberty Archive\Linus Toy\My Documents\Download\ftp\servers\FTPpp2.exe Win32/Adware.Aureate application

***************************
***************************
 
 
I was UNABLE to run Security Check by screen317, getting the following message:
 
***************************
***************************
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
***************************
***************************
any next steps?
 

JRT.txt


Yep not much wrong at all, Forget Security Checks, just delete it. Also do the following:

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

  • Remove disinfection tools
  • Purge System Restore
 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

Any tools or logs left on your Desktop or downloads folder can be deleted. Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if those steps complete ok, also if any remaining issues or concerns...

 

 

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
