
Adware.BrowseFox



Hello and welcome to Malwarebytes,

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

My screen name is kevinf80, I'm here to help clean up your system, continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, each with a different name; select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

Hello kevinf80

Here is the content from the Scan.

As a side note wish to share that I use the program WSUS Offline Update instead of Windows Update.

--------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2016
Scan Time: 3:18 PM
Logfile: scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.30.07
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Park

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291666
Time Elapsed: 4 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

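The helper asked for three things to be checked before posting the log: the rootkit scan enabled, PUP/PUM treated as malware, and any detections acted on. The following script, added here as an example and not code from the thread or from Malwarebytes, parses a Malwarebytes Anti-Malware 2.x scan log like the one posted above and reports whatever a helper would want flagged: a requested option left off, a protection feature reported as Disabled (as Self-protection is in the log above), and any detected items. The sample logs are constructed to mirror the posted layout; the field names are the ones MBAM prints, while the format of a detection entry line and the placeholder registry path are assumptions.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log against the helper's checklist.

Added example, not code from the thread or from Malwarebytes. Parses the
"Key: Value" header block and the per-category detection counts, then reports
options left off, protection features reported Disabled, and detected items.
Sample logs are constructed; the detection entry format is an assumption.
"""
import re

# Options the helper asked the poster to turn on before scanning.
REQUIRED_ENABLED = ("Rootkits", "PUP", "PUM")
# Protection features whose Disabled state is worth flagging in triage.
PROTECTION_FIELDS = ("Malware Protection", "Malicious Website Protection",
                     "Self-protection")
# "Category: N" lines that open a detection block in the scan log.
COUNT_RE = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                      r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")


def parse_mbam_log(text):
    """Split a scan log into header fields, category counts and detection entries."""
    fields, counts, detections = {}, {}, []
    category = None  # category whose detection entries are being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            # Entry lines follow only when the count is non-zero.
            category = m.group(1) if counts[m.group(1)] else None
            continue
        if line == "(No malicious items detected)":
            continue
        if category is not None:
            detections.append((category, line))  # assumed format: "Name, Path, ..."
            continue
        key, sep, value = line.partition(": ")
        if sep:  # header line such as "Rootkits: Enabled"
            fields[key] = value
    return {"fields": fields, "counts": counts, "detections": detections}


def review(parsed):
    """Return a list of findings; an empty list means the log looks as requested."""
    fields, counts, findings = parsed["fields"], parsed["counts"], []
    for name in REQUIRED_ENABLED:
        if fields.get(name) != "Enabled":
            findings.append(f"scan option {name!r} was {fields.get(name, 'missing')}; "
                            "helper asked for Enabled")
    for name in PROTECTION_FIELDS:
        if fields.get(name) == "Disabled":
            findings.append(f"{name} is Disabled")
    total = sum(counts.values())
    if total:
        hits = ", ".join(f"{k}={v}" for k, v in counts.items() if v)
        findings.append(f"{total} item(s) detected: {hits}")
    if fields.get("Result") != "Completed":
        findings.append(f"scan result was {fields.get('Result', 'missing')}")
    return findings


# Constructed sample mirroring the clean log posted in the thread.
SAMPLE_CLEAN_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/30/2016
Scan Time: 3:18 PM
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
Scan Type: Threat Scan
Result: Completed
Rootkits: Enabled
PUP: Enabled
PUM: Enabled
Registry Keys: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
(end)
"""

# Constructed sample with the rootkit option left off and one hit; the
# registry path is a placeholder, not a real indicator.
SAMPLE_DETECTION_LOG = r"""Scan Type: Threat Scan
Result: Completed
Self-protection: Enabled
Rootkits: Disabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Registry Keys: 1
Adware.BrowseFox, HKLM\SOFTWARE\PLACEHOLDER-KEY, , [0000],
Files: 0
(No malicious items detected)
(end)
"""

if __name__ == "__main__":
    for label, log in (("clean", SAMPLE_CLEAN_LOG), ("detection", SAMPLE_DETECTION_LOG)):
        print(label, review(parse_mbam_log(log)) or ["nothing to flag"])
```

Run against the clean sample the only finding is the disabled self-protection, which matches what a helper would notice in the log above; the second sample shows how a skipped option and a non-zero category count surface as separate findings rather than being buried in the log text.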

I noticed a couple of odd features in the Addition.txt log, in that my Disk 4 and Disk 9 are listed as GPT and should not be.

Currently, my system has 13 volumes, of which 9 volumes are RAID 10 (4 disks each), 1 volume is RAID 0 (2 disks), and 3 are single stand-alone disks.

The file Rkill.txt is on my desktop, and I am not able to cut and paste the content from the file; the rkill.com URL http://www.bleepingcomputer.com/ is being pasted in its place every time. I am having to hand draft the content.

As a closing note, I am wondering if I got infected by the Disqus forum at "The Hill" (www.thehill.com), for after a fresh installation of Win7 Ult64 I have no cut and paste issues until I sign onto Disqus, after which I am typically not able to cut and paste text content into the Disqus forum text box correctly, the copied content missing most of the text or duplicating the first sentence.

 

---------------------------------------------------------------------------------------------

 

Rkill 2.8. 4 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

copyright 2008-2016 BleepingComputer.com

More Information about Rkill can be found at this link

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/30/2016 03:13:36 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/30/2016 03:13:50 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

 

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

The file Addition.txt is on my desktop and has no problem with cut and paste.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Park (2016-05-30 15:29:22)
Running from C:\Users\Park\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-19 18:17:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4255758897-3535838186-576667554-500 - Administrator - Disabled)
Guest (S-1-5-21-4255758897-3535838186-576667554-501 - Limited - Disabled)
Park (S-1-5-21-4255758897-3535838186-576667554-1000 - Administrator - Enabled) => C:\Users\Park

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.00.96 - ASUSTeK Computer Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
archttp (HKLM-x32\...\archttp) (Version: 1.0.0.0 - )
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
ASUS RT-AC68U Wireless Router Utilities (HKLM-x32\...\{B87CD6CC-8094-496C-99BA-4425169948C9}) (Version: 4.2.9.2 - ASUS)
AVerMedia H797 PCIe TV Tuner 7.102.64.79 (HKLM-x32\...\AVerMedia H797 PCIe TV Tuner) (Version: 7.102.64.79 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia Media Center Plug-ins 2.0.8.0 (HKLM-x32\...\AVerMedia Media Center Plug-ins) (Version: 2.0.8.0 - AVerMedia TECHNOLOGIES, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FileZilla Client 3.4.0 (HKU\S-1-5-21-4255758897-3535838186-576667554-1000\...\FileZilla Client) (Version: 3.4.0 - )
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.126 - MediatekWiFi)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Sound Blaster Z-Series (HKLM-x32\...\{A15CAB30-128B-4CB3-8C9F-091A69028167}) (Version: 1.00.28 - Creative Technology Limited)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {375D48B4-2652-4E0E-99C7-D2CCA94448F3} - System32\Tasks\ASUS\Ez Update => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\EZ Update\EzUpdt.exe [2014-10-09] ()
Task: {406B39B4-3B92-44F7-82E4-D30C65A68B19} - System32\Tasks\ASUS\Push Notice Server Execute => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {66E01115-581D-4EAB-A047-2BFBBF718DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {71C68DB6-5123-4E6A-9D6B-46FBBC779F61} - System32\Tasks\ASUS\GpuFanHelper => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\GpuFanHelper.exe [2014-12-04] (TODO: <Company name>)
Task: {A1FB0838-D36D-4DF9-BAE9-7F13B38E10DC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-23] (Advanced Micro Devices, Inc.)
Task: {BC9A0C2D-4FB6-4270-A5B1-26ABCC071BDA} - System32\Tasks\ASUS\ASUS DIPAwayMode => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-12-04] ()
Task: {C3ACE698-CC9E-43DA-BD7D-E04930062280} - System32\Tasks\ASUS\USB 3.0 Boost Service => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {C4365DB6-08A0-4710-9671-0F3DAE3090AB} - System32\Tasks\ASUS\i-Setup125950 => C:\Windows\MEI\AsusSetup.exe [2013-08-22] (ASUSTeK Computer Inc.)
Task: {F6CD81DF-4015-4E8D-9F4B-76085596E9CE} - System32\Tasks\ASUS\ASUS AISuiteIII => D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\AISuite3.exe [2014-12-24] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-23 03:45 - 2014-05-26 21:14 - 00953856 _____ () D:\Program Files (x86)\MRAID\ArcHTTP\ArcHttpSrv.exe
2016-03-19 12:47 - 2014-01-27 20:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-03-19 12:47 - 2014-04-23 23:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-02-23 03:26 - 2009-05-27 23:20 - 00017952 _____ () D:\Program Files (x86)\EditPlus 3\eppshell64.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 01271096 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-03-19 22:27 - 2014-08-01 14:58 - 01065272 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-03-19 22:27 - 2014-07-25 16:32 - 00036152 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2016-03-19 15:27 - 2014-11-27 19:55 - 00197120 _____ () E:\Installed Software\FreeFileSync\FreeFileSync\Bin\FindFilePlus_x64.dll
2016-03-19 15:27 - 2014-11-27 19:55 - 00309760 _____ () E:\Installed Software\FreeFileSync\FreeFileSync\Bin\Thumbnail_x64.dll
2016-03-19 12:47 - 2016-05-25 15:48 - 00042640 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-03-19 12:47 - 2014-01-27 20:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00235008 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00711680 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00856576 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00803840 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00807936 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 01027072 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll
2016-03-19 22:27 - 2014-12-04 17:23 - 00010240 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2016-03-19 22:27 - 2013-11-20 10:10 - 00662016 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\aaHMLib.dll
2016-03-19 22:27 - 2013-07-02 10:40 - 00253952 _____ () D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\pngio.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00018207 _____ () D:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4255758897-3535838186-576667554-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B6C33B64-C0EF-43F6-94EA-D0F0DAB54889}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\Discovery.exe
FirewallRules: [{4A9C455E-2499-4087-A364-C3798026B4C4}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\Discovery.exe
FirewallRules: [{48220069-7709-4224-B752-3828A6988A0F}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\Rescue.exe
FirewallRules: [{D2A03412-B02D-4F36-BCCD-78105AF9246A}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\Rescue.exe
FirewallRules: [{F67D3DC9-FA33-4C5E-9668-E0FB9B7A6A35}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{B77E8129-AE79-44A9-8F1F-EE8B054F7537}] => (Allow) D:\Program Files (x86)\ASUS\RT-AC68U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{F8403B00-9997-4D60-93CE-6D833A22CCC1}] => (Allow) D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4587594C-D16C-430C-9B14-8220E99D33FC}] => (Allow) D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{DFEE0D4E-E0ED-4124-A484-832FB1AEE600}] => (Allow) D:\Program Files (x86)\ASUS\AI Suite III\AI Suite III\Push Notice\PushNotifyServer.exe

==================== Restore Points =========================

27-03-2016 19:00:02 Windows Backup
03-04-2016 19:00:04 Windows Backup
10-04-2016 19:00:05 Windows Backup
16-04-2016 21:21:33 Installed Extended Asian Language font pack for Adobe Acrobat Reader DC.
16-04-2016 21:23:44 Removed Adobe Acrobat Reader DC.
16-04-2016 21:24:00 Removed Extended Asian Language font pack for Adobe Acrobat Reader DC.
16-04-2016 21:24:24 Removed Intel(R) Update Manager
16-04-2016 21:43:24 Installed Extended Asian Language font pack for Adobe Reader XI.
17-04-2016 20:26:53 Windows Backup
24-04-2016 19:00:05 Windows Backup
01-05-2016 19:00:04 Windows Backup
08-05-2016 19:00:05 Windows Backup
15-05-2016 19:00:04 Windows Backup
22-05-2016 19:00:04 Windows Backup
29-05-2016 19:00:04 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Centrino(R) Wireless-N 2200
Description: Intel(R) Centrino(R) Wireless-N 2200
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Ethernet Connection (2) I218-V
Description: Intel(R) Ethernet Connection (2) I218-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1dexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 02:48:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 26e4

Start Time: 01d1babcd76d3b2a

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/30/2016 08:45:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: atidxx32.dll, version: 8.17.10.648, time stamp: 0x56cc74ee
Exception code: 0xc0000005
Fault offset: 0x00561c4a
Faulting process id: 0x26bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/30/2016 07:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 121c

Start Time: 01d1ba7c1377c07d

Termination Time: 12

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/29/2016 05:57:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: editplus.exe, version: 3.1.1.340, time stamp: 0x4a1d490b
Faulting module name: editplus.exe, version: 3.1.1.340, time stamp: 0x4a1d490b
Exception code: 0xc0000005
Fault offset: 0x00023f68
Faulting process id: 0x494
Faulting application start time: 0xeditplus.exe0
Faulting application path: editplus.exe1
Faulting module path: editplus.exe2
Report Id: editplus.exe3

Error: (05/28/2016 06:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: atidxx32.dll, version: 8.17.10.648, time stamp: 0x56cc74ee
Exception code: 0xc0000005
Fault offset: 0x00561c4a
Faulting process id: 0x558
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/26/2016 08:59:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c68

Start Time: 01d1b7cbef8ce2b6

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/26/2016 12:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1920

Start Time: 01d1b78029a5f924

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/25/2016 03:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 11:58:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1634

Start Time: 01d1b6b36e36c584

Termination Time: 7

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: a129a96a-22aa-11e6-9dc7-00133b12827b

Error: (05/25/2016 06:57:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: MSHTML.dll, version: 11.0.9600.18231, time stamp: 0x56b902d8
Exception code: 0xc0000005
Fault offset: 0x00461862
Faulting process id: 0x1b8c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (05/29/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 116.3.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/29/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.223.124.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/29/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.223.124.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/29/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.223.124.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/29/2016 10:42:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/29/2016 07:33:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/29/2016 07:12:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/29/2016 01:49:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.221.745.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/28/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 116.3.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/28/2016 03:58:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.221.745.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5960X CPU @ 3.00GHz
Percentage of memory in use: 17%
Total physical RAM: 32667.4 MB
Available physical RAM: 27083.35 MB
Total Virtual: 65333.01 MB
Available Virtual: 59718.03 MB

==================== Drives ================================

Drive a: (SWP_250GB_SE_ST_2.5H) (Fixed) (Total:232.88 GB) (Free:232.26 GB) NTFS
Drive b: (TMP_240GB_SA_840EVO120_R00) (Fixed) (Total:223.51 GB) (Free:222.66 GB) NTFS
Drive c: (OSW_240GB_SA_850EVO120_R10) (Fixed) (Total:223.42 GB) (Free:130.06 GB) NTFS
Drive d: (APP_240GB_SA_850EVO120_R10) (Fixed) (Total:223.51 GB) (Free:221.59 GB) NTFS
Drive e: (GND_2TB_HG_HTS721010_2.5H_R10) (Fixed) (Total:1862.64 GB) (Free:1341.39 GB) NTFS
Drive f: (EML_240GB_SA_850EVO120_R10) (Fixed) (Total:223.51 GB) (Free:219.7 GB) NTFS
Drive g: (PVD_1TB_SE_ST500LT025_2.5H_R10) (Fixed) (Total:931.31 GB) (Free:746.47 GB) NTFS
Drive h: (GEO_500GB_SA_850EVO250_R10) (Fixed) (Total:465.65 GB) (Free:314.92 GB) NTFS
Drive i: (WEB_240GB_SA_840EVO120_R10) (Fixed) (Total:223.51 GB) (Free:188.36 GB) NTFS
Drive j: (MLM_4TB_HI_HUA723020_3.5H_R10) (Fixed) (Total:3725.15 GB) (Free:3254.24 GB) NTFS
Drive m: (IMG_2TB_HI_HDS721010_3.5H_R10) (Fixed) (Total:1862.64 GB) (Free:1683.22 GB) NTFS
Drive n: (ARC_4TB_HG_HDS724040_3.5H_EGHIJ) (Fixed) (Total:3725.9 GB) (Free:2363.6 GB) NTFS
Drive o: (BUP_2TB_HG_HUS724020_3.5H_AFGHI) (Fixed) (Total:1863.01 GB) (Free:1488.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.5 GB) (Disk ID: FB395B22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.5 GB) (Disk ID: FB395B2F)
Partition 1: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.5 GB) (Disk ID: 1C57EDF4)
Partition 1: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: 086F7A71)
Partition 1: (Not Active) - (Size=1862.6 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 223.5 GB) (Disk ID: 1C57EDF0)
Partition 1: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 465.7 GB) (Disk ID: 1C57EDFF)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: A4EB24BF)
Partition 1: (Not Active) - (Size=1862.6 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (MBR Code: Windows 7 or 8) (Size: 223.5 GB) (Disk ID: B7EDDD1E)
Partition 1: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (MBR Code: Windows 7 or 8) (Size: 3725.3 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 10 (MBR Code: Windows 7 or 8) (Size: 931.3 GB) (Disk ID: 130479F6)
Partition 1: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (Size: 3726 GB) (Disk ID: 04218666)

Partition: GPT.

========================================================
Disk: 12 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4527DF82)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank you, Park.

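As an added example (not part of the original thread, and not FRST's own code), a small Python parser for the "Error:" entries in the Addition.txt format posted above: it groups entries by source and Event ID so repeated events (like the Schannel 4119 alerts and the Antimalware 2001 update failures) stand out, and pulls the faulting module out of Application Error 1000 entries. The sample log below is a constructed excerpt modelled on the entries above.

```python
import re
from collections import Counter

# Constructed excerpt in the FRST Addition.txt error-entry format, modelled on
# the entries posted in the thread (not the full log).
SAMPLE_LOG = """\
Error: (05/29/2016 10:42:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/29/2016 07:33:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/25/2016 06:57:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18231, time stamp: 0x56b8edd6
Faulting module name: MSHTML.dll, version: 11.0.9600.18231, time stamp: 0x56b902d8
Exception code: 0xc0000005

Error: (05/25/2016 11:58:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18231 stopped interacting with Windows and was closed.
"""

# One FRST error header: timestamp, source, numeric event id, user (may be empty).
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)

def parse_entries(text):
    """Split an FRST errors section into entries: one dict per 'Error:' header,
    with the description lines that follow it joined into 'body'."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["eid"] = int(current["eid"])
            current["body"] = []
            entries.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    for e in entries:
        e["body"] = "\n".join(e["body"])
    return entries

def tally(entries):
    """Count entries per (source, event id) so repeated events are obvious."""
    return Counter((e["source"], e["eid"]) for e in entries)

def faulting_modules(entries):
    """For Application Error 1000 entries, return the faulting module names."""
    mods = []
    for e in entries:
        if e["source"] == "Application Error" and e["eid"] == 1000:
            m = re.search(r"Faulting module name: ([^,]+),", e["body"])
            mods.append(m.group(1) if m else None)
    return mods
```

Run it over a real Addition.txt by reading the file into `parse_entries`; the tally is the quickest way to see whether a crash or alert is a one-off or a pattern.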

Thanks for the logs, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.

 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"


In the new window Select 1. Updates, when complete Select 2. Real Time Protection.


In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine", and then 2. select the home icon.


In the new window select "Scan"


When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR; for all other entries choose QUARANTINE,
then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)


On that screen select and highlight the scan details line, then select "Open Report"


Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Let me see those logs in your reply, also give an update on any remaining issues or concerns....

Thank you,

Kevin.


Hello kevinf80

 

I've completed all the procedures. None of the programs found anything.

 

FRST64 along with Fixlist.txt generated a secondary txt file named "Addition.txt" and attached.

 

SophosVirus produced a minor error message regarding the network

Sophos_Virus_Removal_Tool_Installation_E

along with a secondary log file named "SophosVirusRemovalTool_cloud4.log" and attached

I was able to run the Sophos scan program without any issues.

 

Thanks

Park

 

Fixlog.txt

Addition.txt

Scan_Malwarebytes_Log_31may2016.txt

Scan_AdwCleaner[S1]_log.txt

Zemana_AntiMalware_Log_2016.05.31-22.22.37-i0-t92-d0.txt

SophosVirusRemovalTool.log

SophosVirusRemovalTool_cloud4.log


Logs not showing any malware/infection, run the following scans...

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!


Post those logs,

Thanks,

Kevin.....


Hi kevinf80

I have not returned to any of the websites giving warning notices with regards to the domain "impression.dubnov.com" and "Adware.BrowseFox" since starting the checks, not wanting to introduce variables or compromise the testing process.

Were the two items noted by RogueKiller innocent changes to the registry?

Outside of the diagnostic programs, since nothing has been removed or detected from the system and the original purpose for inspection or "cause and effect" for the Malwarebytes notices yet determined, inconsistent with being infected or cleansed. Thus by default, should I still not be corrupted, the infection elusive to the detection methods conducted? Otherwise this has been just an academic exercise, still unable to draw conclusion or closure. In short, the results so far seeming to be "null", rather than a "system clear" or "system compromise" confirmation.

I'll take a look at some websites and see if the notices reappear.

Thank you.

Park


Hello Park,

Yes you are correct, we have no definite scan result to show any obvious malware or infection being present on your system. RK logs do not show anything sinister, the listed entries are innocuous...

You will have to try and repeat the actions that gave you cause for concern originally, see if the issue returns...

Thank you,

Kevin


Hello kevinf80

I went to DW, second site outside of USA, and got another warning. The warning changed address to "impression.uprise.website"

malwarebytes-warning-dw.com-impression.u

The business news site nikkei.com seemed to be OK. Other sites in the US are very slow to download such as LA Times, but warning message.

Thanks

Park

Edited by parkmcgraw

Thanks for the update, run the following:

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here or here
 
  • Right-click on the zoek.exe icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";
iedefaults;
 
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)



Please include its content in your next reply. Don't forget to re-enable security software!

 

Thank you....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
