Recurring page popup problems


I purchased this product because I started getting frequent page popups, which continued even after scanning with Norton, which I have used happily for a few years. One in particular is app.pckeeper.com, however there are a few others and they open quite frequently from what seems like just about any page. When I first purchased the product a few weeks ago it detected many problems which I removed. Since then, despite being run at least daily, it has only detected issues on two occasions that I can recall. And while the page popups seemed to stop for a while, they are back in full force. I purchased the premium version of this product to get rid of these things, but it does not seem to be helping. At this point, not really sure what I paid for. And yes, it is updated at least daily.

 

By the way, I followed the directions I received in my initial post. I went to the "Available assistance" page, which directed me to the "I'm infected what do I do now" page. As per the instructions, I attempted to download the Farbar Recovery Scan Tool. However, my Norton detected a virus within the download. I noticed the post was from more than six years ago and has not been updated, so maybe someone should take a look at that.

 

Please help, thanks.


Hello and welcome to Malwarebytes.org

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

 

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

 

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

 

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

Next,

 

Follow the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Please open Malwarebytes Anti-Malware.

 


On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.
 
        'Could not load DDA driver'
 
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

 

To get the log from Malwarebytes do the following:

 


Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
 
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Recommend you use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

 

 

If Malwarebytes is not installed follow these instructions first:

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

 


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your reply....

 

Thank you,

 

Kevin...


Okay, I've followed the instructions. Really hope you can help me, as these page popups are driving me nuts.

 

As requested, logs are attached:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/26/15
Scan Time: 4:25:52 AM
Logfile: scan may26.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.26.01
Rootkit Database: v2015.05.24.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367007
Time Elapsed: 15 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Joe (administrator) on JOE-PC on 26-05-2015 04:47:21
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.FlashGet.com)
FreeTorrentViewer (HKLM-x32\...\FreeTorrentViewer) (Version: 1.0.0.1 - Free Torrent Viewer)
GoldWave v4.26 (HKLM-x32\...\GoldWave v4.26) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM-x32\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
PC Drummer Pro 5.07 (HKLM-x32\...\PC_Drummer_Pro_500) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-04-2015 21:51:25 Windows Update
19-04-2015 14:25:27 before norton powerscan
26-04-2015 18:05:45 Scheduled Checkpoint
04-05-2015 00:09:55 Scheduled Checkpoint
11-05-2015 20:48:19 Scheduled Checkpoint
12-05-2015 23:00:36 Windows Update
20-05-2015 00:00:04 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2014-10-02 07:46 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
54.225.95.126    fhajokkdlhllmgenmniigcnlefjakobn

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EED4447-37B5-4070-94CB-BC09E6693D8A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {29DFFE8D-F562-4C27-8105-53E04CF93162} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7E2CD679-F292-4ECC-A797-5516D872812D} - System32\Tasks\{B27DA392-5589-48D1-8F42-DE33EA832063} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: {8F91BC65-32DA-4F06-9521-97619E6A879C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9130206E-A49D-4101-80D4-6D834BC598DE} - System32\Tasks\{7A8D4561-F3FA-4C60-9EA2-D41FB95C1380} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: {A546135C-547F-43F2-B249-3D75243D3960} - System32\Tasks\{0691978E-8660-42BF-BE9D-E4CFADDC635F} => pcalua.exe -a C:\Users\Joe\Documents\MiscAPPS\IGrab.exe -d C:\Users\Joe\Documents\MiscAPPS
Task: {BC54E958-2090-423E-A27F-1274EFB468D8} - System32\Tasks\0752ae01-0d82-4270-ab5c-cb57c42caca7 => C:\Program Files (x86)\TheTorntv V10\0752ae01-0d82-4270-ab5c-cb57c42caca7.exe <==== ATTENTION
Task: {BED2D55E-DFC3-4FD6-89DB-813650052A2E} - System32\Tasks\{C7433BA3-F07C-4FD3-BCD0-2B6462B9A338} => C:\Program Files (x86)\GoldWave\GoldWave.exe [2002-03-28] ()
Task: {C69C19AF-DED0-4C9D-AB7F-F4464F8DA8EF} - System32\Tasks\{4ACC8B48-B444-418A-9D35-1F03B1153A7A} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: {C918A116-0E83-41F3-A24F-78C878D8352B} - System32\Tasks\{E5A27FA1-DF32-4C39-B36C-29D0211A1F72} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: {CE4A147D-6974-4E7B-B9E6-0B1E206650E0} - System32\Tasks\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6 => C:\Program Files (x86)\TheTorntv V10\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.exe <==== ATTENTION
Task: {DF9B480C-DE78-47CE-84CE-3D434939B693} - System32\Tasks\{66296750-6AAE-409F-A42E-C3E9D30BB221} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: {F1E863FF-87C9-4C35-BB42-46FF2E382D12} - System32\Tasks\{DF48C4F5-46BF-43AC-B181-49D7D65543C6} => C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [2004-03-02] (Macromedia, Inc.)
Task: C:\Windows\Tasks\0752ae01-0d82-4270-ab5c-cb57c42caca7.job => C:\Program Files (x86)\TheTorntv V10\0752ae01-0d82-4270-ab5c-cb57c42caca7.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.job => C:\Program Files (x86)\TheTorntv V10\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.exeï/agentregpath='TheTorntv V10' /appid=63311 /srcid='001823' /subid='0' /zdata='0' /bic=4C6B9D8620814383849E703C059600A1IE /verifier=14a25080759a6038c8cf1df891dc95f9 /installerversion=1_35_09_29 /installationtime=1412246598 /statsdomain=http:/stats.newdatastatsserv.com /errorsdomain=http:/errors.newdatastatsserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,184-0 /monetizationdomain=http:/logs.newdatastatsserv.com <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-22 00:12 - 2011-10-20 12:47 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-22 16:56 - 2010-01-22 23:20 - 01033938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ESET-phase2.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-16 23:39 - 2014-10-16 23:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-10-17 09:20 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-16 16:36 - 2015-03-16 16:36 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Joe\Documents\Bill's Grandchildren October 2010 b.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Bill's Grandchildren October 2010.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Brenda Best Update.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\chinese torture.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Dark and Stormy Night Contest.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Dead President's Society.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Dutch Mason article.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\fishing.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\GerryG'sWebsite.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\HELP PUBLICATIONS.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Household tips.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\If I Knew....eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\important notice re e-mail from NBTEL.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Interesting beer article.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\It's a bird... it's a plane... it's..._!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Mainly For Engineers ___.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\McAfee Antivirus - HelpDesk Call number 5303.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Media players.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\pedals.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Pick up Lines.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Quotation Bill Toner.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\The Parrot.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\The Puppy - Lets see if you send it back.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\This is absolutely adorable.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\TroubleTree.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Weaver's Party.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Welcome to NBTel Internet _ Bienvenue à NBTel Internet.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\Will Rogers.eml:OECustomProperty
AlternateDataStreams: C:\Users\Joe\Documents\worst pickup lines in recorded history.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4049380915-4051730379-3028906647-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C687DA2-999F-4331-9847-57C263A25D0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D023D53A-CBE2-499F-8852-4D5BFF6DF116}] => (Allow) LPort=2869
FirewallRules: [{1CE9CE70-AFCB-4E9D-9449-B7FA3B4CB68C}] => (Allow) LPort=1900
FirewallRules: [{A3F45B79-136E-4C8F-B5FB-7ED090A64DC8}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS6375\hppiw.exe
FirewallRules: [{A525BED5-D330-40AB-8C6A-3642D25C90FC}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS6375\hppiw.exe
FirewallRules: [{070BD13E-F64F-4846-92E2-F806530318A0}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{378EEDA5-1526-497F-91FB-E787F3F0C996}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [TCP Query User{B5DBF85B-8AB2-4619-964E-E1B1B0826272}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [uDP Query User{E1F09786-DC0A-4D58-9659-D32A5964D7E7}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{D7E2D932-1890-45C6-A1FC-0BA6DCA94A5A}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{93654F40-42FF-445F-80D5-329869DAFBDC}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{CF2DB165-95C9-4D72-895D-DC16579AA678}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0649870C-486A-4B77-B228-2D004E00CC65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 09:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 11:02:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x15a8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/25/2015 01:49:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (05/24/2015 08:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 06:11:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (05/23/2015 08:20:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 09:06:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 05:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xccc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/22/2015 01:10:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 02:49:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108


System errors:
=============
Error: (05/25/2015 09:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/24/2015 08:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/23/2015 08:22:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/22/2015 09:08:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/22/2015 01:12:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/20/2015 11:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2

Error: (05/20/2015 06:03:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (05/20/2015 06:03:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/20/2015 06:03:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (05/20/2015 06:03:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office:
=========================
Error: (05/25/2015 09:41:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 11:02:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa115a801d096ef5fd696ffC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9fce66ba-02e6-11e5-a4c6-e06995e63139

Error: (05/25/2015 01:49:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (05/24/2015 08:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2015 06:11:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (05/23/2015 08:20:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 09:06:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 05:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1ccc01d0944897cad5c0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbfd0276e-005b-11e5-9eb4-e06995e63139

Error: (05/22/2015 01:10:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 02:49:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108


==================== Memory info ===========================

Processor: Intel® Core i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8099.43 MB
Available physical RAM: 4862.28 MB
Total Pagefile: 16197.05 MB
Available Pagefile: 12805.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:185.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E75C7192)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================

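The scheduled-task entries in the FRST log above, sorted out by a short script. This is an added example, not part of the thread and not FRST's own logic: the line layout is inferred from the entries shown in the log, and the function names and the three triage reasons are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the "Scheduled Tasks" section of the log above. The last
# one is abridged (most of its argument string is cut) to keep the sample short.
SAMPLE = r"""
Task: {1EED4447-37B5-4070-94CB-BC09E6693D8A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {A546135C-547F-43F2-B249-3D75243D3960} - System32\Tasks\{0691978E-8660-42BF-BE9D-E4CFADDC635F} => pcalua.exe -a C:\Users\Joe\Documents\MiscAPPS\IGrab.exe -d C:\Users\Joe\Documents\MiscAPPS
Task: {BC54E958-2090-423E-A27F-1274EFB468D8} - System32\Tasks\0752ae01-0d82-4270-ab5c-cb57c42caca7 => C:\Program Files (x86)\TheTorntv V10\0752ae01-0d82-4270-ab5c-cb57c42caca7.exe <==== ATTENTION
Task: {CE4A147D-6974-4E7B-B9E6-0B1E206650E0} - System32\Tasks\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6 => C:\Program Files (x86)\TheTorntv V10\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.exe <==== ATTENTION
Task: C:\Windows\Tasks\0752ae01-0d82-4270-ab5c-cb57c42caca7.job => C:\Program Files (x86)\TheTorntv V10\0752ae01-0d82-4270-ab5c-cb57c42caca7.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.job => C:\Program Files (x86)\TheTorntv V10\ef4a13d7-64f2-43b7-ae75-86a796c2d8c6.exeï/agentregpath='TheTorntv V10' /appid=63311 /statsdomain=http:/stats.newdatastatsserv.com /errorsdomain=http:/errors.newdatastatsserv.com /monetizationdomain=http:/logs.newdatastatsserv.com <==== ATTENTION
""".strip().splitlines()

# "Task: <where registered> => <command line>[ <==== ATTENTION]"
TASK_RE = re.compile(r"^Task: (?P<where>.+?) => (?P<cmd>.+?)(?P<flag>\s*<==== ATTENTION)?$")
# The executable ends at the first ".exe"; the log may fuse arguments onto it.
IMAGE_RE = re.compile(r"^(?P<image>.*?\.exe)(?P<rest>.*)$", re.I)
# Trailer seen on the unflagged entries: "[file date] (company)".
TRAILER_RE = re.compile(r"\[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# The arguments in this log write URLs with a single slash ("http:/host").
HOST_RE = re.compile(r"https?:/+([A-Za-z0-9.-]+)")


def parse_task(line):
    """Split one 'Task:' line into its fields, or return None if it is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m["cmd"])
    if not img:
        return None
    trailer = TRAILER_RE.search(img["rest"])
    return {
        "where": m["where"],
        "image": img["image"],
        "flagged": m["flag"] is not None,
        "file_date": trailer[1] if trailer else None,
        "company": trailer[2] if trailer else None,
        "hosts": sorted(set(HOST_RE.findall(img["rest"]))),
    }


def reasons(task):
    """Assumed triage reasons for a parsed task; an empty list means nothing stood out."""
    out = []
    if task["flagged"]:
        out.append("marked ATTENTION by FRST")
    if GUID_RE.match(PureWindowsPath(task["image"]).stem):
        out.append("executable is named with a bare GUID")
    if task["hosts"]:
        out.append("command line names remote hosts: " + ", ".join(task["hosts"]))
    return out


def triage(lines):
    """Group suspicious tasks by executable so every registration of it is listed."""
    by_image = defaultdict(lambda: {"registrations": [], "reasons": []})
    for line in lines:
        task = parse_task(line)
        if task is None:
            continue
        found = reasons(task)
        if not found:
            continue
        entry = by_image[task["image"].lower()]
        entry["registrations"].append(task["where"])
        for reason in found:
            if reason not in entry["reasons"]:
                entry["reasons"].append(reason)
    return dict(by_image)


if __name__ == "__main__":
    for image, entry in triage(SAMPLE).items():
        print(image)
        for where in entry["registrations"]:
            print("  registered at:", where)
        for reason in entry["reasons"]:
            print("  reason:", reason)
```

Grouping by executable shows that each flagged program is registered twice, once under System32\Tasks and once as a .job file under C:\Windows\Tasks, so a cleanup has to cover both entries.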

Thanks for the logs, continue as follows please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

Click there Run ESET Online Scanner.

 

If using Internet Explorer:

 


Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:


Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:


Make sure that Remove found threats is unchecked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology” select “Change” and select any extra drives in that window.
Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

 

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Post those logs, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

Fixlog.txt


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
