RAHornberger

I'm infected with something. Please Help

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01

Ran by R (administrator) on R-PC on 25-11-2014 15:59:45

Running from C:\Users\R\Downloads

Loaded Profile: R (Available profiles: R)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp45-kb2978128-x64.exe

(Microsoft Corporation) C:\d7a449172c6c52cf765df9623e0be07f\Setup.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3465556989-3404641117-2030684064-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)

HKU\S-1-5-21-3465556989-3404641117-2030684064-1000\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-3465556989-3404641117-2030684064-1000\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3465556989-3404641117-2030684064-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\R\AppData\Local\Temp\skowtis\sbxiude\wow64.dll ATTENTION! ====> ZeroAccess?

HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [s-1-5-21-3465556989-3404641117-2030684064-1000] => http=127.0.0.1:1242;https=127.0.0.1:1242

HKU\S-1-5-21-3465556989-3404641117-2030684064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 


SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 




SearchScopes: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> DefaultScope {BD41DEEA-D032-49A3-9C5F-A8B72D75B998} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20140902&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN40074681112188718&UM=2&UP=SPD5761900-6331-4B22-ACDD-791EF16E8204&SSPV=

SearchScopes: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> {8B2E779C-ABEB-4006-9BC8-F54EAE986514} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

SearchScopes: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> {BD41DEEA-D032-49A3-9C5F-A8B72D75B998} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20140902&p={SearchTerms}



BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name -> {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} ->  No File

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{6EB867DF-819C-4005-BFDE-0AC6CF2C9F86}: [NameServer] 8.8.8.8,8.8.4.4

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\iYogi.xml

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-30]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-30]

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR DefaultSearchKeyword: Default -> 87328FB01D825BDC33E1F9FA0C5D0109994B7CC759BF869CD23DF4C24D127692

CHR DefaultSearchURL: Default -> 6FF2D37ACEF7538DFD303CAD0D359F667E5F48CAD2AD7340413BF2DE7B941C86

CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (SiteAdvisor) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-25]

CHR Extension: (Earth TV) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn [2014-11-24]

CHR Extension: (CoupScanner) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfdnjnhgnghkgagflfoojagldagcjnj [2014-11-24]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-27]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-27]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 0055441416953768mcinstcleanup; C:\windows\TEMP\005544~1.EXE [827456 2012-01-09] (McAfee, Inc.)

R2 9a5e93ac; c:\Program Files (x86)\AllInDiscounts\PromoMaster.dll [4067840 2014-11-25] () [File not signed]

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 ioloService; C:\Program Files (x86)\SafePCRepair\ioloToolService.exe [2625800 2013-11-21] (iolo technologies, LLC)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2013-04-29] (support.com, Inc)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-25] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-25 15:59 - 2014-11-25 16:03 - 00023043 _____ () C:\Users\R\Downloads\FRST.txt

2014-11-25 15:58 - 2014-11-25 16:00 - 00000000 ____D () C:\FRST

2014-11-25 15:58 - 2014-11-25 15:58 - 02118144 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe

2014-11-25 15:54 - 2014-11-25 15:54 - 01060328 _____ () C:\Users\R\Downloads\Setup (1).exe

2014-11-25 15:53 - 2014-11-25 15:53 - 00000000 ____D () C:\Program Files (x86)\AllInDiscounts

2014-11-25 15:25 - 2014-11-25 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-10-27 18:35 - 2014-10-27 18:35 - 00000000 ____D () C:\Program Files (x86)\tuperfEctcoUppOn

2014-10-27 18:14 - 2014-10-27 18:14 - 00000004 _____ () C:\Users\R\AppData\Roaming\appdataFr2.bin

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-25 16:04 - 2011-10-29 01:17 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-25 16:03 - 2012-09-24 17:49 - 01817460 _____ () C:\windows\WindowsUpdate.log

2014-11-25 16:02 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-25 16:02 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-25 15:55 - 2013-08-15 19:50 - 00000000 ____D () C:\windows\system32\MRT

2014-11-25 15:53 - 2013-09-22 15:55 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2014-11-25 15:40 - 2011-11-04 10:02 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-11-25 15:38 - 2012-04-05 14:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-11-25 15:27 - 2014-07-17 09:45 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-25 15:25 - 2014-07-30 19:32 - 00001774 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-11-25 15:19 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF

2014-11-25 15:14 - 2013-06-05 19:01 - 00002828 _____ () C:\windows\System32\Tasks\DriverUpdate Startup

2014-11-25 15:14 - 2013-06-05 19:01 - 00000410 _____ () C:\windows\Tasks\DriverUpdate Startup.job

2014-11-25 15:13 - 2014-07-30 19:25 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-11-25 15:13 - 2013-06-17 09:39 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-25 15:13 - 2013-06-05 19:01 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys

2014-11-25 15:12 - 2014-07-28 12:08 - 00001064 _____ () C:\windows\setupact.log

2014-11-25 15:12 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-11-24 22:35 - 2014-07-28 12:05 - 01608344 _____ () C:\windows\PFRO.log

2014-11-24 22:35 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\Offline Web Pages

2014-11-24 22:30 - 2014-09-03 18:47 - 00000000 ____D () C:\ProgramData\LizardSales

2014-11-24 22:29 - 2014-09-02 22:07 - 00000000 ____D () C:\ProgramData\LuuckyShopapper

2014-11-24 22:29 - 2014-09-02 21:55 - 00000000 ____D () C:\ProgramData\SailesMoagnet

2014-11-24 22:29 - 2012-08-03 20:38 - 00000000 ____D () C:\Program Files (x86)\Playbryte

2014-11-24 22:10 - 2013-06-17 09:39 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-24 21:25 - 2014-06-30 08:21 - 00000000 ____D () C:\ProgramData\7494c47032ed67fe

2014-11-24 21:19 - 2014-07-17 09:44 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-24 21:19 - 2014-07-17 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-24 21:19 - 2014-07-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-27 18:45 - 2014-10-17 09:26 - 00000000 ____D () C:\ProgramData\BoostSoftware

2014-10-27 18:45 - 2014-09-25 15:46 - 00000000 ____D () C:\ProgramData\tuperfEctcoUppOn

2014-10-27 17:48 - 2009-07-13 21:45 - 00409576 _____ () C:\windows\system32\FNTCACHE.DAT

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-17 11:47

 

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01

Ran by R at 2014-11-25 16:05:50

Running from C:\Users\R\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)

ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Nitro Pro 8 (HKLM\...\{ECA5CA8B-CCB0-4611-A9EF-CC796AFE805D}) (Version: 8.5.4.11 - Nitro)

OverDrive Media Console (HKLM-x32\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

ShopALot (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9a5e93ac}) (Version:  - Software Publisher)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\R\AppData\Local\Temp\skowtis\sbxiude\wow64.dll No File

 

==================== Restore Points  =========================

 

Could not list Restore Points. Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-04-29 22:52 - 2011-12-22 16:11 - 00000833 ____N C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {135D82A1-01FE-4EAC-800C-994E9630744A} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)

Task: {170B58C4-9A1F-4551-B6D8-55E1C914A13C} - System32\Tasks\{C42CE5D6-12FE-4740-AE7A-996CBFE8E4FA} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: {2B00B9B3-4498-44F7-8B6A-BDF9B89820D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {2CB783FE-825B-4C4F-8B10-5E33DE568C78} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.5.0.67\SymErr.exe

Task: {3419D036-91D9-4985-BFCF-9E13CBFD394B} - System32\Tasks\{2E57472C-B9F9-4EF9-9013-ADE63CD6288D} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: {396DD5E1-E33E-4202-9C75-2A3E5EAFDB55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {3EAC43E6-C005-4FB0-9C94-4FE3DF7CF1F8} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.5.0.67\SymErr.exe

Task: {50A71663-7487-4FEF-9BDC-1649CD5B446B} - \RocketTab Update Task No Task File <==== ATTENTION

Task: {58BE900A-D737-446A-A14E-6DAE508218D6} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe

Task: {5BC3D64E-66B6-4648-9427-F86DB897DAEC} - System32\Tasks\{88FB1EE3-F2A9-4242-960D-B7DF1977F251} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124.196/en/go/help.faq.installer?source=lightinstaller&LastError=1618

Task: {604483A9-24BC-46E2-9CA3-C9C7A37C7333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)

Task: {6E549E87-370E-40F3-AB6F-819287E5CD77} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {75DBB9E2-D6B8-48E4-B139-92FD40959FA8} - \SaveSense No Task File <==== ATTENTION

Task: {81D37A91-62BB-4CFE-B707-C1B78280D5F1} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Task: {8A38F405-1403-4082-AEF9-36520159E47D} - System32\Tasks\{3BE9A4FC-0B3E-43C6-B9AF-098064FD9C91} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: {8BBAADDF-3FA2-474F-BC64-5DEDC0EC9EA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)

Task: {90DACFBB-FC59-40FB-813C-144E1109458C} - \RocketTab No Task File <==== ATTENTION

Task: {9EC02F7E-D190-4212-AFA2-CF0BFEDA3301} - System32\Tasks\{09F97946-B72F-4982-834C-A6B4D67A82EA} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124.196/en/go/help.faq.installer?source=lightinstaller&LastError=1618

Task: {C1AB2131-AA45-47AA-9930-08BC53155B2D} - System32\Tasks\{B9BF32E2-8F81-49C5-8FC6-9FF4D14E5731} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: {CB9C5F70-0288-4C79-B811-74144C192063} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)

Task: {D21BA018-F520-4270-BF5E-EB33F218FC80} - System32\Tasks\{DAFCFBC7-E985-4202-B44B-8F5A53411A58} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: {E594BF85-F30F-4EFF-AFF1-F970FCD47528} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)

Task: {FAC0FA7F-E865-450E-A491-5E1F73C3302D} - System32\Tasks\{6D1DE234-35B3-4FDA-9F28-DA1A65577186} => C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe [2013-05-27] (Nitro PDF)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\SaveSense.job => C:\Users\R\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

 

==================== Loaded Modules (whitelisted) =============

 

2011-10-29 02:58 - 2011-02-28 15:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-10-17 10:47 - 2014-10-09 19:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll

2014-10-17 10:47 - 2014-10-09 19:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll

2014-10-17 10:48 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll

2014-10-17 10:47 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

2014-10-17 10:48 - 2014-10-09 19:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll

2014-11-25 15:53 - 2014-11-25 15:53 - 04067840 _____ () c:\Program Files (x86)\AllInDiscounts\PromoMaster.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IJPLMSVC => 2

MSCONFIG\Services: IYSODiskOptimizer => 2

MSCONFIG\Services: NitroDriverReadSpool8 => 2

MSCONFIG\Services: NitroReaderDriverReadSpool2 => 2

MSCONFIG\Services: nlsX86cc => 2

MSCONFIG\Services: Norton PC Checkup Application Launcher => 2

MSCONFIG\Services: NortonLive EasySupport => 2

MSCONFIG\Services: SDiManage => 2

MSCONFIG\Services: SupportDockService.exe => 2

MSCONFIG\Services: TMachInfo => 3

MSCONFIG\Services: TODDSrv => 2

MSCONFIG\Services: TosCoSrv => 2

MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3

MSCONFIG\Services: YahooAUService => 2

MSCONFIG\Services: YNanoService => 2

MSCONFIG\startupfolder: C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup

MSCONFIG\startupfolder: C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Badoo Desktop => 

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

MSCONFIG\startupreg: Messenger (Yahoo!) => 

MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

MSCONFIG\startupreg: Skype => 

MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t

MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: swg => 

MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3465556989-3404641117-2030684064-500 - Administrator - Disabled)

Guest (S-1-5-21-3465556989-3404641117-2030684064-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3465556989-3404641117-2030684064-1004 - Limited - Enabled)

R (S-1-5-21-3465556989-3404641117-2030684064-1000 - Administrator - Enabled) => C:\Users\R

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/25/2014 03:19:06 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

 

Error: (11/25/2014 03:14:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/24/2014 09:06:33 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

 

Error: (11/24/2014 09:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 06:48:37 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

 

Error: (10/27/2014 06:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 06:39:02 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program McUICnt.exe version 5.9.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 8b4

 

Start Time: 01cff24f9f210137

 

Termination Time: 52

 

Application Path: C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

 

Report Id: f611dfb7-5e42-11e4-a3d0-00266cd07b9a

 

Error: (10/27/2014 05:52:21 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

 

Error: (10/27/2014 05:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/17/2014 11:28:25 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program fl_setup (1).exe version 3.7.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1414

 

Start Time: 01cfea3726a5169a

 

Termination Time: 273

 

Application Path: C:\Users\R\Downloads\fl_setup (1).exe

 

Report Id: 3f96f7f0-562b-11e4-81f3-00266cd07b9a

 

 

System errors:

=============

Error: (11/25/2014 03:18:03 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (11/25/2014 03:17:26 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

 

Error: (10/27/2014 05:52:51 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (10/27/2014 05:51:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 

%%1053

 

Error: (10/27/2014 05:51:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

 

Error: (10/17/2014 11:41:15 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

 

Error: (10/17/2014 11:37:02 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/17/2014 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (10/17/2014 10:02:13 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (10/17/2014 10:00:14 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:58:12 AM on 10/17/2014 was unexpected.

 

 

Microsoft Office Sessions:

=========================

Error: (11/25/2014 03:19:06 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: 

 

Error: (11/25/2014 03:14:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/24/2014 09:06:33 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: 

 

Error: (11/24/2014 09:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 06:48:37 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: 

 

Error: (10/27/2014 06:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 06:39:02 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: McUICnt.exe5.9.2.08b401cff24f9f21013752C:\Program Files\Common Files\McAfee\Platform\McUICnt.exef611dfb7-5e42-11e4-a3d0-00266cd07b9a

 

Error: (10/27/2014 05:52:21 PM) (Source: SecurityCenter) (EventID: 3) (User: )

Description: 

 

Error: (10/27/2014 05:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/17/2014 11:28:25 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: fl_setup (1).exe3.7.1.0141401cfea3726a5169a273C:\Users\R\Downloads\fl_setup (1).exe3f96f7f0-562b-11e4-81f3-00266cd07b9a

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-07-30 20:40:25.564

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-30 20:00:06.545

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-30 19:59:43.533

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-07-30 19:58:17.172

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 16:30:50.419

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 16:29:09.134

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 16:28:53.750

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 14:50:10.204

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 12:56:21.268

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-03 12:55:43.155

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD C-50 Processor

Percentage of memory in use: 81%

Total physical RAM: 2662.87 MB

Available physical RAM: 500.02 MB

Total Pagefile: 8253.67 MB

Available Pagefile: 5387.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:229.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2B538AD9)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

 

==================== End Of Log ============================

 

Share this post


Link to post
Share on other sites
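The helper's first pass over a log like the one above is to pick out registrations FRST marks with `<==== ATTENTION`, entries whose target file no longer exists (`No Task File`, `No File`), and targets that live in user-writable locations such as `AppData\Local\Temp`. The following Python is an added example, not part of this thread or of FRST itself: a small triage parser for the `Task:` and `CustomCLSID:` line formats seen in the log. The sample lines are copied from the log above; the flag names, the heuristics (user-writable path, 8.3 short name such as `SAVESE~1`, no publisher recorded for an existing task target) and the ranking are the example's own choices, and it handles only these two FRST sections.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the "Scheduled Tasks" and "Custom CLSID"
# sections of the FRST log above, so the parser runs offline.
SAMPLE_LINES = [
    r"Task: {135D82A1-01FE-4EAC-800C-994E9630744A} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)",
    r"Task: {50A71663-7487-4FEF-9BDC-1649CD5B446B} - \RocketTab Update Task No Task File <==== ATTENTION",
    r"Task: {6E549E87-370E-40F3-AB6F-819287E5CD77} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION",
    r"Task: {58BE900A-D737-446A-A14E-6DAE508218D6} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe",
    r"Task: C:\windows\Tasks\SaveSense.job => C:\Users\R\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION",
    r"Task: {604483A9-24BC-46E2-9CA3-C9C7A37C7333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)",
    r"CustomCLSID: HKU\S-1-5-21-3465556989-3404641117-2030684064-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\R\AppData\Local\Temp\skowtis\sbxiude\wow64.dll No File",
]

ATTENTION = "<==== ATTENTION"          # marker FRST appends to entries it distrusts
# FRST prints "<target> [YYYY-MM-DD] (Publisher)" when it has version info for the file.
TASK_TARGET_RE = re.compile(
    r"^(?P<target>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^()]*)\))?$"
)
# Heuristic (example's own): locations any user process can write to.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d")     # 8.3 short-name component such as SAVESE~1


@dataclass
class Finding:
    kind: str                 # "Task" or "CustomCLSID"
    name: str                 # task registration or registry key as printed by FRST
    target: Optional[str]     # file the entry points at, None when FRST lists none
    publisher: Optional[str]  # publisher FRST recorded for the target, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one FRST 'Task:' or 'CustomCLSID:' line; other lines give None."""
    line = line.strip()
    flags: List[str] = []
    if line.endswith(ATTENTION):
        flags.append("frst_attention")
        line = line[: -len(ATTENTION)].rstrip()

    if line.startswith("Task: "):
        body = line[len("Task: "):]
        if " => " in body:
            name, rest = body.split(" => ", 1)
            m = TASK_TARGET_RE.match(rest)
            target = m.group("target") if m else rest
            publisher = m.group("publisher") if m else None
        elif body.endswith(" No Task File"):
            # Registration survives but its task file is gone: orphaned persistence.
            name, target, publisher = body[: -len(" No Task File")], None, None
            flags.append("no_file")
        else:
            name, target, publisher = body, None, None
        finding = Finding("Task", name, target, publisher, flags)
    elif line.startswith("CustomCLSID: "):
        name, target = line[len("CustomCLSID: "):].split(" -> ", 1)
        if target.endswith(" No File"):
            target = target[: -len(" No File")]
            flags.append("no_file")
        finding = Finding("CustomCLSID", name, target, None, flags)
    else:
        return None

    if finding.target:
        if USER_WRITABLE_RE.search(finding.target):
            finding.flags.append("user_writable_path")
        if SHORT_NAME_RE.search(finding.target):
            finding.flags.append("short_8_3_name")
        if finding.kind == "Task" and not finding.publisher and "no_file" not in finding.flags:
            finding.flags.append("no_publisher_recorded")
    return finding


def triage(lines: List[str]) -> List[Finding]:
    """Return only flagged entries, most flags first, so a reviewer reads the worst first."""
    found = [f for f in (parse_line(l) for l in lines) if f is not None and f.flags]
    return sorted(found, key=lambda f: (-len(f.flags), f.name))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:12} {', '.join(f.flags):60} {f.name} -> {f.target}")
```

Entries with no flags (the signed Google and SlimWare tasks in the sample) drop out of the report; a `no_publisher_recorded` flag on its own, as for the Pro PC Cleaner splash task, only says FRST had no version information to print, so it is a prompt to look at the file rather than a verdict.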

Hello and Welcome:

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin..

 

 

 

 

 

 

Fixlist.txt

Share this post


Link to post
Share on other sites

I do not think you have followed the instructions I posted in my last reply for the FRST fix; can you confirm whether you ran the fix or not? I did expect to see the log named Fixlog.txt.

You have posted the same logs again from your original run of FRST; you also posted again the attached log I posted for you in my last reply, with the addition (1).

Share this post


Link to post
Share on other sites

I posted all of the txt files you told me and in the order you posted. There is a Fixlist (1).txt file, the third from the top. Is that what you were looking for?

Share this post


Link to post
Share on other sites

I was having problems downloading and running the programs you requested so at least one of them had an added number next to the file name because I had to click the link more than once.

Share this post


Link to post
Share on other sites

Fixlist.txt is what I had attached to reply #2; you were supposed to d/l and save it to the same folder as the tool FRST, then open FRST and select the "Fix" tab just once and wait. FRST then reads the file FRST.txt, runs the script and produces a log "Fixlog.txt".

 

If you d/l and save Fixlist.txt again windows would save as Fixlist(1).txt as the two files are the same so have to have different names...

Share this post


Link to post
Share on other sites

I found out what the problem was. Since I was having issues downloading the farbar program, I ended up with multiple copies which created a conflict of some type. I got rid of all parts and started over. I'm including the new txt files here. Do you want me to rerun everything else?

FRST.txt

Addition.txt

Fixlog.txt

Share this post


Link to post
Share on other sites

Thanks for the logs.. Fixlog.txt is shown as run 2, also all fix entries show as not found. I suppose it is correct to say the fixes were done in a previous run 1.

The new logs FRST.txt and Addition.txt are not showing any obvious malware or infection.. What is the current status of your system, are there any remaining issues or concerns...

 

Can you check System Restore, see if you can create a restore point...

Share this post


Link to post
Share on other sites

Maybe we have a hidden rootkit.. Run the following and post the log..

 

Please read carefully and follow these steps.

  • Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
  • Double-click on the TDSSKiller icon to run the application.
  • The "Ready to scan" window will open; click on "Change parameters".
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


 

Thanks,

 

Kevin...

Share this post


Link to post
Share on other sites

It says that there was no malicious software found. It didn't give me the option to see a report because it didn't find anything. Any other suggestions? I'm still getting new tabs popping up for paid assistance through Malwarebytes.

Share this post


Link to post
Share on other sites

Run the following and tell me if the popup stops, if not which browser does this popup occur...

 

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on the ZOEK icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply. Don't forget to re-enable security software!

 

Thanks,

 

Kevin...

Share this post


Link to post
Share on other sites

Since running that last tool and restarting, Malwarebytes keeps popping up that it is blocking outgoing from njp.app-amaker.com, compey.net and a few other addresses. It is also still opening new tabs when I try to scroll down. The latest one is http://www.reimageplus.com/lp/sys/index.php?tracking=CPX&banner=270188&adgroup=direct&ads_name=direct&keyword=direct&context=147924221

zoek-results.txt

Share this post


Link to post
Share on other sites

Which browser is affected, one specific or more than one. Chrome is listed as your default browser, run the following for Chrome:

 

Go to this link: https://support.google.com/chrome/answer/3296214?hl=en follow the instructions to reset browser settings for Chrome.

 

Go to this link: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb follow the instructions to Install Adblock plus for Chrome.

 

Go to this link: https://support.google.com/chrome/answer/95426?hl=en follow the instructions to set the default search engine for Chrome.

 

Go to this link: https://support.google.com/chrome/answer/95314?hl=en follow the instructions to set Start up and Home pages...

 

Give update on remaining issues or concerns...

 

Kevin...

Share this post


Link to post
Share on other sites

All windows based computers come with IE but I never use it. The only other browser I use is my default Chrome. I completed step 1, 3, and 4 of your instructions but was unable to complete step 2. I even tried logging in to see if that was the issue but it wasn't. After clicking on the "free" link to download, it says checking. I then get a popup that says to confirm installation and add Adblock plus but all that happens is I receive an error has occurred network-failed and the option to retry or close. I tried several times to retry but I always get the same response. 

Share this post


Link to post
Share on other sites

Continue as follows please:

 

Uninstall the following:

 

Pro PC Cleaner

 

Next,

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).


Post the log in next reply please...

Kevin
 


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Folder::
c:\program files (x86)\PrinceCoupon
ClearJavaCache::

Save this as CFScript.txt, with "Save as type" set to All Files (*.*), in the same location as ComboFix.exe

[Images: CF3.jpg, CFScriptB-4.gif]

Referring to the pictures above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Press the Windows key and the R key together to open the "Run" box

2) Type or copy/paste the following command into the "Run" box and press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin...
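As an added example (not Kevin's or ComboFix's own code), a small Python review step for a CFScript before it is dragged onto ComboFix.exe: it groups each "Name::" directive with the argument lines beneath it and flags Folder:: targets that are not absolute Windows paths or that sit at a drive root or one level below it, where a typo could wipe a whole tree. It assumes only the two directives seen in this thread; the sample script is constructed from the one posted above.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, taken from the CFScript posted earlier in this thread.
SAMPLE_CFSCRIPT = """\
Folder::
c:\\program files (x86)\\PrinceCoupon
ClearJavaCache::
"""

# A directive header is a bare word followed by "::" on its own line.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# An absolute Windows path starts with a drive letter, a colon and a backslash.
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each directive name to the non-empty lines that follow it.

    Argument lines before any header have no directive to belong to and are
    treated as an error rather than silently dropped.
    """
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = DIRECTIVE_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"argument line before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def review_folder_targets(sections: Dict[str, List[str]]) -> List[str]:
    """Return Folder:: entries a reviewer should look at before running the script:
    relative paths, drive roots, and top-level folders such as 'C:\\Program Files (x86)'."""
    suspicious: List[str] = []
    for path in sections.get("Folder", []):
        if not DRIVE_RE.match(path):
            suspicious.append(path)          # not an absolute path at all
            continue
        parts = [p for p in path[3:].split("\\") if p]
        if len(parts) < 2:                   # e.g. "C:\" or "C:\Program Files (x86)"
            suspicious.append(path)
    return suspicious
```

Run `review_folder_targets(parse_cfscript(open("CFScript.txt").read()))` against a saved script; an empty list means every Folder:: target is an absolute path at least two levels below the drive root.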


It already went through the entire scan a second time and is preparing to make another log; unfortunately I don't think it's the log you were wanting. I didn't want to close it out in the middle of the scan without your say-so after reading the info guide. What do I do from this point? Do you want me to save this file as ComboFix2.txt and submit it as well?


Yes, please let me see the log. If you follow the instructions I post, Combofix will run again and produce a fresh log; just post the log that is produced. Do not try to alter or rename it; that is not needed...
