
Browser Hijack on new computer



#1 dennisgharris


Posted 13 November 2014 - 01:47 PM

Hi folks. We bought an Acer computer for quick travel getaways 2 weeks ago. Went to the Rio Hotel in Vegas, stayed three days. Looks like we were infected while using their not-so-free wifi.

 

Computer Acer, Win8 out of the box.

Installed Chrome and that is what I use most

 

Started getting various popups saying we had infected file. Then more popups covering the screen. Then tabs started opening, taking us to vacation rental sites. Then last night a tab opened, taking me to a Russian girls site.

 

I've run the McAfee

installed Malwarebytes

CCleaner

Ran HijackThis.

Tried to install ComboFix but it said it wouldn't work with Win2000?? I have Win 8

 

 

I didn't do anything with Hijackthis file because I don't understand it, but I do have the file saved.

 

BTW I have visited sites on Alibaba quite a bit also.

 

Thanks in advance for your help.

 

Dennis

 





#2 Alex&Vanko


Posted 13 November 2014 - 03:14 PM

Hi dennisgharris and welcome.

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.
* Make sure the following options are checked:
    * Internet Services
    * Windows Firewall
    * System Restore
    * Security Center/Action Center
    * Windows Update
    * Windows Defender
    * Other Services
* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Download Malwarebytes Anti-Rootkit HERE
* Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
* Double click on downloaded file. OK self extracting prompt.
* MBAR will start. Click "Next" to continue.
* Click in the following screen "Update" to obtain the latest malware definitions.
* Once the update is complete select "Next" and click "Scan".
* When the scan is finished and no malware has been found select "Exit".
* If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
* Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    * "mbar-log-{date} (xx-xx-xx).txt"
    * "system-log.txt"

 

Thank you!



#3 dennisgharris


Posted 13 November 2014 - 03:32 PM

Thank you for getting back to me Alex. Do the results of all of these scans get pasted into the reply box here? Is there any special order to run these?

Dennis



#4 Alex&Vanko


Posted 13 November 2014 - 04:06 PM

Order is Malwarebytes at the end. Yes, paste the result here from Notepad.

 

Thank you!



#5 dennisgharris


Posted 13 November 2014 - 04:43 PM

 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
============================================================================
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Dennis (administrator) on 13-11-2014 at 13:13:48
Running from "C:\Users\Dennis\Desktop"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: http=127.0.0.1:49262;https=127.0.0.1:49262
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/13/2014 01:05:38 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15ac
 
Start Time: 01cfff84dc551bff
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: cfefa484-6b78-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2014 00:58:26 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1848
 
Start Time: 01cfff83db49c3fb
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ced63d1e-6b77-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2014 00:40:13 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1930
 
Start Time: 01cfff814fb40c70
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 435af223-6b75-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2014 10:12:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: McSmtFwk.exe, version: 4.8.704.0, time stamp: 0x51f7f8d2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000e14100
Faulting process id: 0xec0
Faulting application start time: 0xMcSmtFwk.exe0
Faulting application path: McSmtFwk.exe1
Faulting module path: McSmtFwk.exe2
Report Id: McSmtFwk.exe3
Faulting package full name: McSmtFwk.exe4
Faulting package-relative application ID: McSmtFwk.exe5
 
Error: (11/13/2014 10:04:57 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b08
 
Start Time: 01cfff6b9a47666c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 8dd3c1ef-6b5f-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2014 09:45:25 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18d4
 
Start Time: 01cfff68afd9083f
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: c6d2b0cf-6b5c-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2014 06:58:55 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1224
 
Start Time: 01cfff519409dd1b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 89d76680-6b45-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/12/2014 11:56:59 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 160c
 
Start Time: 01cfff131f748680
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a47f1d4e-6b0a-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/12/2014 11:08:21 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 136c
 
Start Time: 01cfff0fe55d3791
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: d8df5579-6b03-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/12/2014 10:55:08 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cec
 
Start Time: 01cfff0e0c46a31d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 002e9054-6b02-11e4-8269-f8a963e7354c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (11/13/2014 00:00:23 AM) (Source: DCOM) (User: HARRISLT)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/13/2014 00:00:23 AM) (Source: DCOM) (User: HARRISLT)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/12/2014 10:47:22 PM) (Source: DCOM) (User: HARRISLT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The User Experience Improvement Program service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The Quick Access RadioMgr Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The ePower Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The Quick Access Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/12/2014 10:46:11 PM) (Source: Service Control Manager) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).
 
 
 
 
=========================== Installed Programs ============================
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40522 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0522.802.12503 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E043161E-A691-B3C2-E60C-2FBBD8CFF720}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.02.2004.7 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0522.802.12503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0522.802.12503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0522.802.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0522.0801.12503 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0522.802.12503 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4917 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink Power Media Player 12 (x32 Version: 12.0.3.4218 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.0.4220 - CyberLink Corp.) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.153 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{C01EB132-6707-740E-6ED9-EAC3943918DB}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pokki Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.3.181 - )
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21250 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 40%
Total physical RAM: 3288.23 MB
Available physical RAM: 1959.43 MB
Total Pagefile: 6488.23 MB
Available Pagefile: 4914.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.51 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:916.32 GB) (Free:884.21 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HARRISLT
 
Administrator            Dennis                   Guest                    
 
 
**** End of log ****
 
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
FSS
 
Farbar Service Scanner Version: 21-07-2014
Ran by Dennis (administrator) on 13-11-2014 at 13:16:46
Running from "C:\Users\Dennis\Desktop"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
No Malware found


#6 Alex&Vanko

Posted 13 November 2014 - 05:04 PM

Pop-ups are only in browsers or?



#7 dennisgharris

Posted 13 November 2014 - 05:06 PM

That is all I've seen. Also new tabs opening on Chrome and going to a variety of sites. A number of security sites who want to fix my computer.



#8 Alex&Vanko

Posted 13 November 2014 - 05:42 PM

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

Download Malwarebytes' Anti-Malware Free HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Threat scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When the scan completes, click List Threats.
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.
    NOTE: Sometimes if ESET finds no infections it will not create a log.

Note: Do not forget to re-enable your antivirus application after running the above scan!
 

Thank you!



#9 dennisgharris

Posted 13 November 2014 - 06:01 PM

I was looking in McAfee Live Safe Internet Security trying to find where to turn it off or disable and can't find it.

Thanks so much for your help.



#10 Alex&Vanko

Posted 13 November 2014 - 06:24 PM

Is there a tray icon? With a right click, a menu should appear.



#11 dennisgharris

Posted 13 November 2014 - 06:26 PM

Yes I tried that but don't see where to shut it down



#12 Alex&Vanko

Posted 13 November 2014 - 06:29 PM

http://www.wikihow.com/Disable-McAfee

I don't know your version. Never dealt with it.



#13 dennisgharris

Posted 13 November 2014 - 06:38 PM

That was the trick. Now running JRT



#14 dennisgharris

Posted 13 November 2014 - 07:11 PM

Alex the Malwarebytes is running. I need to head out and will complete the ESET tomorrow. Thanks so much for your help.

Dennis

Hope you have a great weekend



#15 Alex&Vanko

Posted 13 November 2014 - 07:17 PM

Ok!

Thank you!





