Adobe/Java Problem


  • This topic is locked
15 replies to this topic

#1 NaviLink

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:27 AM

Posted 28 February 2015 - 02:58 PM

Whenever I try to install Adobe Reader it never pops up "Only a single instance of this application can run", so I am unable to load Java/Flash.

Google Chrome works fine, but sometimes I would like to use IE or Firefox.

Thank you very much in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Nini (administrator) on NINI-PC on 28-02-2015 11:10:00
Running from C:\Users\Nini\Downloads
Loaded Profiles: Nini (Available profiles: Nini & Joe)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
() C:\Windows\System32\PnkBstrA.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe) C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.193.1228.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RoxWatchTray] => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] => C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe [1683456 2009-04-22] (D-Link Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-2055173356-654305777-185414532-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2055173356-654305777-185414532-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetpointII.exe (Logitech Inc.)
Startup: C:\Users\Joe.Nini-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Joe.Nini-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Nini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Nini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2055173356-654305777-185414532-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2055173356-654305777-185414532-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2055173356-654305777-185414532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKLM - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> {2EB615CC-8F0A-4205-9842-5389391B5381} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> {93C67FF4-932D-4FE1-884F-A2DBFEE6F618} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> {95C7FF0C-D644-4370-B9F1-561B27BD776E} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Yahoo! Axis for IE -> {035FDC10-9F1D-430E-87DA-573FFBF5608D} -> C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\lhek3j7q.default-1380850847250
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.neogaf.com/forum/forumdisplay.php?f=2
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Classic Theme Restorer - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\lhek3j7q.default-1380850847250\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-02]
FF Extension: Adblock Plus - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\lhek3j7q.default-1380850847250\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-03]
FF Extension: YouTube Flash Video Player - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\lhek3j7q.default-1380850847250\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-02-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-15]
FF HKU\S-1-5-21-2055173356-654305777-185414532-1000\...\Firefox\Extensions: [{E976F40F-6D56-4F3D-B3BF-F70B60C71901}] - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}
FF Extension: XULRunner - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901} [2011-04-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03]
CHR Extension: (Google Drive) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03]
CHR Extension: (Google Search) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03]
CHR Extension: (AdBlock) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2015-01-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-03-19] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 YNanoService; C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-07-25] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-10-09] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34720 2013-09-23] (Google Inc)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2013-09-26] (Emsisoft GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-13] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [798208 2009-09-15] (Ralink Technology Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 athur; system32\DRIVERS\athur.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Nini\AppData\Local\Temp\catchme.sys [X]
S0 dyyr; System32\drivers\nfbkv.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S0 hhpyx; System32\drivers\gvljnryy.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 kfksa; System32\drivers\twcoxhw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
S0 rudpmfl; System32\drivers\lycvntp.sys [X]
S0 uezndl; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 11:10 - 2015-02-28 11:11 - 00021531 _____ () C:\Users\Nini\Downloads\FRST.txt
2015-02-28 11:09 - 2015-02-28 11:09 - 01127424 _____ (Farbar) C:\Users\Nini\Downloads\FRST.exe
2015-02-28 10:33 - 2015-02-28 10:33 - 01055952 _____ (Adobe) C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe
2015-02-28 04:30 - 2015-02-28 04:30 - 00000000 ____D () C:\Program Files\ESET
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 09:59 - 2015-02-18 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-18 09:59 - 2015-02-18 09:59 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2015-02-16 02:05 - 2015-02-16 01:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-16 02:05 - 2015-02-16 01:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-16 02:05 - 2015-02-16 01:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-16 02:04 - 2015-02-16 02:04 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-13 09:25 - 2015-02-13 09:25 - 00144168 _____ () C:\Windows\Minidump\Mini021315-01.dmp
2015-02-11 14:39 - 2015-02-11 14:39 - 00144168 _____ () C:\Windows\Minidump\Mini021115-01.dmp
2015-02-04 19:48 - 2015-02-04 19:48 - 00144168 _____ () C:\Windows\Minidump\Mini020415-01.dmp
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-03 07:57 - 2015-02-13 09:25 - 285749510 _____ () C:\Windows\MEMORY.DMP
2015-02-03 07:57 - 2015-02-03 07:57 - 00144168 _____ () C:\Windows\Minidump\Mini020315-01.dmp
2015-01-29 08:56 - 2015-02-18 09:59 - 00000807 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 11:11 - 2013-10-03 08:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 11:10 - 2013-08-24 17:42 - 00000000 ____D () C:\FRST
2015-02-28 11:10 - 2006-11-02 04:52 - 01124284 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 11:09 - 2006-11-02 04:47 - 00003664 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 11:09 - 2006-11-02 04:47 - 00003664 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 11:00 - 2014-07-01 22:35 - 00000000 ____D () C:\Users\Nini\AppData\Local\LogMeIn Hamachi
2015-02-28 10:59 - 2010-07-15 18:19 - 00003284 _____ () C:\Users\Nini\AppData\Roaming\ANIWZCS{75F06C7A-BDB1-4FD7-B482-6FBA203077B6}
2015-02-28 10:59 - 2006-11-02 04:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-28 10:58 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 10:57 - 2006-11-02 05:01 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-28 10:33 - 2010-07-15 18:10 - 00000000 ____D () C:\Users\Nini\AppData\Local\Adobe
2015-02-28 10:25 - 2014-12-20 19:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-28 08:46 - 2010-07-15 18:09 - 00000000 ____D () C:\Program Files\Adobe
2015-02-28 07:59 - 2006-11-02 02:33 - 00706952 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 04:34 - 2012-07-25 14:40 - 00000000 ____D () C:\Users\Joe.Nini-PC.000\AppData\Roaming\uTorrent
2015-02-25 15:29 - 2014-12-20 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-21 12:30 - 2013-12-21 18:57 - 00000000 ____D () C:\Program Files\Steam
2015-02-16 21:10 - 2014-10-10 07:29 - 00841538 _____ () C:\Users\Nini\Downloads\Attachments_20141010.zip
2015-02-16 16:20 - 2014-07-23 05:17 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-16 02:05 - 2012-09-25 18:38 - 00000000 ____D () C:\Program Files\Java
2015-02-16 01:45 - 2014-07-17 11:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-16 01:45 - 2014-04-17 19:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-13 16:40 - 2014-07-07 11:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 09:25 - 2014-02-18 03:56 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 15:38 - 2011-01-18 01:02 - 00000000 ____D () C:\Users\Nini\AppData\Local\CrashDumps
2015-02-06 03:56 - 2012-04-11 12:37 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-06 03:56 - 2012-04-11 12:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-06 03:40 - 2013-09-25 04:11 - 00997474 _____ () C:\Windows\PFRO.log
2015-02-05 23:06 - 2013-10-03 08:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 14:45 - 2014-11-23 18:31 - 00000000 ____D () C:\Users\Nini\Desktop\daddy's b-day 2014
2015-01-30 17:47 - 2014-07-07 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 17:47 - 2014-07-07 11:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2010-07-15 17:53 - 2013-01-09 00:08 - 0000258 _____ () C:\Users\Nini\AppData\Roaming\ANICONFIG_{75F06C7A-BDB1-4FD7-B482-6FBA203077B6}.ini
2010-07-15 18:19 - 2015-02-28 10:59 - 0003284 _____ () C:\Users\Nini\AppData\Roaming\ANIWZCS{75F06C7A-BDB1-4FD7-B482-6FBA203077B6}
2011-03-19 16:48 - 2011-03-19 16:48 - 0138056 _____ () C:\Users\Nini\AppData\Roaming\PnkBstrK.sys
2011-04-01 23:37 - 2011-04-02 23:16 - 0000000 _____ () C:\Users\Nini\AppData\Local\Cfavuro.bin
2010-07-15 12:30 - 2014-02-18 04:07 - 0001356 _____ () C:\Users\Nini\AppData\Local\d3d9caps.dat
2010-08-17 23:43 - 2015-01-26 16:13 - 0244224 _____ () C:\Users\Nini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-01 23:37 - 2011-04-03 15:22 - 0000120 _____ () C:\Users\Nini\AppData\Local\Ureho.dat
2011-01-04 20:21 - 2011-01-06 17:03 - 0001940 _____ () C:\Users\Nini\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-07-29 15:08 - 2010-07-29 15:10 - 0000356 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Nini\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Nini\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Nini\AppData\Local\Temp\NGM.exe
C:\Users\Nini\AppData\Local\Temp\NGMDll.dll
C:\Users\Nini\AppData\Local\Temp\NGMResource.dll
C:\Users\Nini\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 11:06

==================== End Of Log ============================

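For anyone triaging a log like the one above, the following is an added example (not code from the thread, from FRST, or from nasdaq's fix) that parses the driver/service lines and FRST's own "[X]", "No File" and "ATTENTION" markers, ranks the orphaned entries, and returns the verbatim lines a fixlist would remove. The sample lines are copied from the posted log plus one clean control line (MpFilter); the severity rules and the looks_random() name heuristic are this example's own assumptions, not FRST behaviour.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread; not FRST's code and not nasdaq's fix. The
severity rules and looks_random() are this example's own assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log posted above, plus one
# clean control line (MpFilter) that must not be flagged.
SAMPLE_LOG = r"""
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S0 dyyr; System32\drivers\nfbkv.sys [X]
S0 hhpyx; System32\drivers\gvljnryy.sys [X]
S0 kfksa; System32\drivers\twcoxhw.sys [X]
S0 rudpmfl; System32\drivers\lycvntp.sys [X]
S0 uezndl; No ImagePath
S3 catchme; \??\C:\Users\Nini\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {E54591E9-4D79-4C49-9698-90E5DD0069A1} - \SUPERAntiSpyware Scheduled Task 8036f0aa-3186-46a6-8cb6-4b7fcd9e1d73 No Task File <==== ATTENTION
"""

# Windows service start types; FRST prints the digit after the R/S state letter.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
SIGNED_RE = re.compile(r"^(.*?)\s+\[(\d+)\s+(\d{4}-\d{2}-\d{2})\]\s*\(([^)]*)\)$")


@dataclass
class Finding:
    line: str       # the verbatim log line (what a fixlist would contain)
    severity: str   # "high", "medium" or "info"
    reason: str


def parse_service(line):
    """Return (state, start_type, name, path, file_missing) for a service or
    driver line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, rest = m.groups()
    if rest == "No ImagePath":
        return state, start, name, None, True
    if rest.endswith("[X]"):          # FRST marks a missing binary with [X]
        return state, start, name, rest[:-3].strip(), True
    s = SIGNED_RE.match(rest)         # "[size date] (vendor)" suffix when present
    path = s.group(1) if s else rest
    return state, start, name, path, False


def looks_random(name):
    """Advisory heuristic only (assumption): a bare lowercase name with no vowels
    or a run of five or more consonants. Has false positives; never sets severity."""
    base = name.lower()
    if not base.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in base)
    longest = max(map(len, re.findall(r"[^aeiou]+", base)), default=0)
    return vowels == 0 or longest >= 5


def triage_line(line):
    """Classify one log line; None means nothing to act on."""
    line = line.strip()
    svc = parse_service(line) if line else None
    if svc:
        state, start, name, path, missing = svc
        if not missing:
            return None
        kind = START_TYPES.get(start, "unknown")
        tag = " (random-looking name)" if looks_random(name) else ""
        if start in ("0", "1"):
            # Boot/system-start driver whose binary is gone: the registry
            # persistence outlived the file. Remove the orphaned entry.
            return Finding(line, "high", f"{kind}-start driver '{name}' has no file on disk{tag}")
        return Finding(line, "medium", f"orphaned {kind}-start driver '{name}'{tag}")
    if line.endswith("ATTENTION"):
        return Finding(line, "medium", "entry FRST itself flagged (policy restriction, missing task file)")
    if "No File" in line:
        return Finding(line, "info", "registry hook points to a file that no longer exists")
    return None


def triage(log_text):
    """All findings from a log, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


def fixlist_lines(findings):
    """FRST fixlists take the log lines verbatim, as nasdaq's fix below does."""
    return [f.line for f in findings]
```

Calling triage(SAMPLE_LOG) returns ten findings: the five S0 entries as high, the other missing-file drivers and FRST's own ATTENTION lines as medium, and the avast overlay identifier as info; fixlist_lines() on that result gives the same kind of verbatim lines nasdaq pastes into his fix below, which is the practical point: the triage output and the remediation share one format, so nothing is retyped by hand. The S0 entries are the ones to care about first; a boot-start driver whose file is gone is a registry leftover, not a working component, and the names carry no vendor or meaning.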
#2 nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 AM

Posted 05 March 2015 - 11:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2055173356-654305777-185414532-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKU\S-1-5-21-2055173356-654305777-185414532-1000\...\Firefox\Extensions: [{E976F40F-6D56-4F3D-B3BF-F70B60C71901}] - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}
FF Extension: XULRunner - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901} [2011-04-01]
S3 athur; system32\DRIVERS\athur.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Nini\AppData\Local\Temp\catchme.sys [X]
S0 dyyr; System32\drivers\nfbkv.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S0 hhpyx; System32\drivers\gvljnryy.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 kfksa; System32\drivers\twcoxhw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
S0 rudpmfl; System32\drivers\lycvntp.sys [X]
S0 uezndl; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]
Task: {E54591E9-4D79-4C49-9698-90E5DD0069A1} - \SUPERAntiSpyware Scheduled Task 8036f0aa-3186-46a6-8cb6-4b7fcd9e1d73 No Task File <==== ATTENTION
Task: {A365C1B4-AFDE-4D5D-B7F4-5A803D590A98} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION
Task: {4E328228-7E67-4D7E-B93E-CA8FEB657E0E} - \SUPERAntiSpyware Scheduled Task c0fc37e7-af86-42e4-a900-b82edd7e4e48 No Task File <==== ATTENTION
C:\Windows\Minidump\Mini021315-01.dmp
C:\Windows\Minidump\Mini021115-01.dmp
C:\Windows\Minidump\Mini020415-01.dmp
C:\Windows\MEMORY.DMP
C:\Windows\Minidump\Mini020315-01.dmp
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Nini\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Nini\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Nini\AppData\Local\Temp\NGM.exe
C:\Users\Nini\AppData\Local\Temp\NGMDll.dll
C:\Users\Nini\AppData\Local\Temp\NGMResource.dll
C:\Users\Nini\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Joe\Desktop\Pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Joe.Nini-PC.000\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Joe.Nini-PC.000\Documents\PS Vita:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\DSC_0094.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\mbar:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Microsoft Works:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\MP3 Music:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\MUSIC:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\OpenOffice.org 2.4 (en-US) Installation Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Response Required By:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\RK_Quarantine:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\`1bnm,.l:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Bigasoft Total Video Converter:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Camera pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\cars_0009.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\collag.png:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Father day:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Folder Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Games for Windows - LIVE Demos:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Jays Birthday:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\JRT Studio:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Las Vegas:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Media Go:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Mother day:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder 3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\philippine video:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\PS Vita:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Screecap.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Symantec:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\tn.jpg:Roxio EMC Stream

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 NaviLink

NaviLink
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:27 AM

Posted 05 March 2015 - 03:44 PM

FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Nini at 2015-03-05 10:41:21 Run:1
Running from C:\Users\Nini\Downloads
Loaded Profiles: Nini (Available profiles: Nini & Joe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2055173356-654305777-185414532-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2055173356-654305777-185414532-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKU\S-1-5-21-2055173356-654305777-185414532-1000\...\Firefox\Extensions: [{E976F40F-6D56-4F3D-B3BF-F70B60C71901}] - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}
FF Extension: XULRunner - C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901} [2011-04-01]
S3 athur; system32\DRIVERS\athur.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Nini\AppData\Local\Temp\catchme.sys [X]
S0 dyyr; System32\drivers\nfbkv.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S0 hhpyx; System32\drivers\gvljnryy.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 kfksa; System32\drivers\twcoxhw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
S0 rudpmfl; System32\drivers\lycvntp.sys [X]
S0 uezndl; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]
Task: {E54591E9-4D79-4C49-9698-90E5DD0069A1} - \SUPERAntiSpyware Scheduled Task 8036f0aa-3186-46a6-8cb6-4b7fcd9e1d73 No Task File <==== ATTENTION
Task: {A365C1B4-AFDE-4D5D-B7F4-5A803D590A98} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION
Task: {4E328228-7E67-4D7E-B93E-CA8FEB657E0E} - \SUPERAntiSpyware Scheduled Task c0fc37e7-af86-42e4-a900-b82edd7e4e48 No Task File <==== ATTENTION
C:\Windows\Minidump\Mini021315-01.dmp
C:\Windows\Minidump\Mini021115-01.dmp
C:\Windows\Minidump\Mini020415-01.dmp
C:\Windows\MEMORY.DMP
C:\Windows\Minidump\Mini020315-01.dmp
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Nini\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Nini\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Nini\AppData\Local\Temp\NGM.exe
C:\Users\Nini\AppData\Local\Temp\NGMDll.dll
C:\Users\Nini\AppData\Local\Temp\NGMResource.dll
C:\Users\Nini\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Joe\Desktop\Pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Joe.Nini-PC.000\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Joe.Nini-PC.000\Documents\PS Vita:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\DSC_0094.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\mbar:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Microsoft Works:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\MP3 Music:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\MUSIC:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\OpenOffice.org 2.4 (en-US) Installation Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\Response Required By:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\RK_Quarantine:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Desktop\`1bnm,.l:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Bigasoft Total Video Converter:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Camera pictures:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\cars_0009.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\collag.png:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Father day:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Folder Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Games for Windows - LIVE Demos:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Jays Birthday:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\JRT Studio:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Las Vegas:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Media Go:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Mother day:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\New Folder 3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\philippine video:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\PS Vita:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Screecap.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\Symantec:Roxio EMC Stream
AlternateDataStreams: C:\Users\Nini\Documents\tn.jpg:Roxio EMC Stream

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2055173356-654305777-185414532-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2055173356-654305777-185414532-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2055173356-654305777-185414532-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value deleted successfully.
"HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
HKU\S-1-5-21-2055173356-654305777-185414532-1000\Software\Mozilla\Firefox\Extensions\\{E976F40F-6D56-4F3D-B3BF-F70B60C71901} => value deleted successfully.
C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901} => Moved successfully.
athur => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
dyyr => Service deleted successfully.
EagleNT => Service deleted successfully.
EagleXNt => Service deleted successfully.
hhpyx => Service deleted successfully.
IpInIp => Service deleted successfully.
kfksa => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
OMCI => Service deleted successfully.
rudpmfl => Service deleted successfully.
uezndl => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
XDva388 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E54591E9-4D79-4C49-9698-90E5DD0069A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54591E9-4D79-4C49-9698-90E5DD0069A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 8036f0aa-3186-46a6-8cb6-4b7fcd9e1d73" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A365C1B4-AFDE-4D5D-B7F4-5A803D590A98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A365C1B4-AFDE-4D5D-B7F4-5A803D590A98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E328228-7E67-4D7E-B93E-CA8FEB657E0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E328228-7E67-4D7E-B93E-CA8FEB657E0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task c0fc37e7-af86-42e4-a900-b82edd7e4e48" => Key deleted successfully.
C:\Windows\Minidump\Mini021315-01.dmp => Moved successfully.
C:\Windows\Minidump\Mini021115-01.dmp => Moved successfully.
C:\Windows\Minidump\Mini020415-01.dmp => Moved successfully.
C:\Windows\MEMORY.DMP => Moved successfully.
C:\Windows\Minidump\Mini020315-01.dmp => Moved successfully.
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll => Moved successfully.
C:\Users\Joe.Nini-PC.000\AppData\Local\Temp\YgoUpdater.exe => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\NGM.exe => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Nini\AppData\Local\Temp\YgoUpdater.exe => Moved successfully.
"C:\Users\Nini\AppData\Local\{E976F40F-6D56-4F3D-B3BF-F70B60C71901}" => File/Directory not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Users\Joe\Desktop\Pictures => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Joe.Nini-PC.000\Documents\OneNote Notebooks => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Joe.Nini-PC.000\Documents\PS Vita => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\DSC_0094.JPG => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\mbar => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\Microsoft Works => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\MP3 Music => ":Roxio EMC Stream" ADS removed successfully.
"C:\Users\Nini\Desktop\MUSIC" => ":Roxio EMC Stream" ADS not found.
C:\Users\Nini\Desktop\OpenOffice.org 2.4 (en-US) Installation Files => ":Roxio EMC Stream" ADS removed successfully.
"C:\Users\Nini\Desktop\Pictures" => ":Roxio EMC Stream" ADS not found.
C:\Users\Nini\Desktop\Response Required By => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\RK_Quarantine => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Desktop\`1bnm,.l => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Bigasoft Total Video Converter => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Camera pictures => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\cars_0009.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\collag.png => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Father day => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Folder Files => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Games for Windows - LIVE Demos => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Jays Birthday => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\JRT Studio => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Las Vegas => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Media Go => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Mother day => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\New Folder => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\New Folder (2) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\New Folder (3) => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\New Folder 3 => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\OneNote Notebooks => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\philippine video => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\PS Vita => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Screecap.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\Symantec => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Nini\Documents\tn.jpg => ":Roxio EMC Stream" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 10:41:56 ====



#4 NaviLink


Posted 05 March 2015 - 03:46 PM

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/5/2015
Scan Time: 10:55:50 AM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.05.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Nini

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 532097
Time Elapsed: 41 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Adwcleaner log:

 

# AdwCleaner v4.111 - Logfile created 05/03/2015 at 12:06:24
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Nini - NINI-PC
# Running from : C:\Users\Nini\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nini\AppData\LocalLow\Yahoo! Companion
File Deleted : C:\Users\Nini\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R10].txt - [2110 bytes] - [29/10/2013 06:53:00]
AdwCleaner[R11].txt - [2176 bytes] - [02/11/2013 02:00:47]
AdwCleaner[R12].txt - [2461 bytes] - [13/11/2013 12:02:57]
AdwCleaner[R13].txt - [2292 bytes] - [28/11/2013 06:39:31]
AdwCleaner[R14].txt - [2400 bytes] - [12/01/2014 09:24:18]
AdwCleaner[R15].txt - [2474 bytes] - [14/02/2014 17:14:43]
AdwCleaner[R16].txt - [2598 bytes] - [14/02/2014 17:31:46]
AdwCleaner[R17].txt - [3533 bytes] - [05/03/2015 11:52:10]
AdwCleaner[R18].txt - [3572 bytes] - [05/03/2015 12:03:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt - [3580  bytes] ##########
 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 AM

Posted 06 March 2015 - 08:47 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
P.S.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 NaviLink


Posted 06 March 2015 - 12:22 PM

 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials     
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 8 Update 31  
 Java version out of Date!
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (36.0.1)
 Google Chrome 40.0.2214.111  
 Google Chrome 40.0.2214.115  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Microsoft Security Client Antimalware MsMpEng.exe  
 Microsoft Security Client Antimalware NisSrv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#7 nasdaq


Posted 06 March 2015 - 01:54 PM

You have the latest Java version.
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 NaviLink


Posted 07 March 2015 - 09:34 AM

I've tried to install it but keep getting this message: "only a single instance of this application can run".

I can't see any Adobe applications; I've tried deleting all Adobe files and still nothing.



#9 nasdaq


Posted 07 March 2015 - 01:42 PM

Download and run their uninstaller tool.

http://labs.adobe.com/downloads/acrobatcleaner.html

Restart the computer normally when done.

===

Check in the Add/Remove programs if it's still shown.

Re-install if needed.

#10 NaviLink


Posted 11 March 2015 - 10:36 AM

I downloaded the uninstaller from the website, completed it, and still nothing.



#11 nasdaq


Posted 11 March 2015 - 12:40 PM

This running process in your Downloads folder is probably the cause of all this.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

(Adobe) C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe
C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
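The judgement behind the two fixlists in this thread (post #2's boot-start driver entries with missing images, IE policy restrictions and alternate data streams, and post #11's installer still running from the Downloads folder) can be written down as a script. What follows is an added example, not part of the original thread, not FRST's own logic and not something the helper posted: it parses FRST-style report lines and ranks what to look at first. The sample lines are copied from the FRST output in this thread; the scoring weights, the vowel-ratio test for generated-looking names, the list of distrusted folders and the 0.2 and 4 thresholds are this example's own assumptions, not FRST rules. It needs Python 3.8 or newer.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) report lines.

Added example: not part of the original thread and not FRST's own logic.
The weights, the vowel-ratio heuristic and the thresholds are assumptions.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the FRST lines posted in this thread.
SAMPLE_FRST = r"""
(Adobe) C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 athur; system32\DRIVERS\athur.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S0 dyyr; System32\drivers\nfbkv.sys [X]
S0 hhpyx; System32\drivers\gvljnryy.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 kfksa; System32\drivers\twcoxhw.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
S0 rudpmfl; System32\drivers\lycvntp.sys [X]
S0 uezndl; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Nini\Desktop\Pictures:Roxio EMC Stream
""".strip()

SERVICE_RE = re.compile(r"^[SR](?P<type>[0-4]) (?P<name>[^;]+); (?P<path>.+)$")
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
POLICY_RE = re.compile(r"^(?P<key>HK\S+\\Policies\\Microsoft\\Internet Explorer): Policy restriction")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
HEX_TOKEN = re.compile(r"^[0-9A-Fa-f]{6,}$")          # opaque stream names worth reading
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")  # assumption: folders to distrust


@dataclass
class Service:
    name: str
    start_type: int   # 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled
    image: str        # ImagePath as FRST printed it; "" when FRST says "No ImagePath"
    missing: bool     # FRST marks a missing image file with [X]

    @property
    def stem(self) -> str:
        """File name of the image without extension, e.g. nfbkv for ...\\nfbkv.sys."""
        return self.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_service(line: str) -> Optional[Service]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith(" [X]") or path == "No ImagePath"
    image = "" if path == "No ImagePath" else (path[:-4] if missing else path)
    return Service(m.group("name"), int(m.group("type")), image, missing)


def looks_generated(*words: str) -> bool:
    """Heuristic (assumption): names with almost no vowels read like random labels."""
    letters = [c for w in words for c in w.lower() if c.isalpha()]
    return bool(letters) and sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def score_service(svc: Service) -> int:
    """Higher means investigate first. Weights are this example's choice."""
    score = 0
    if svc.start_type in (0, 1):                 # loads before most defenses do
        score += 2
    if svc.missing:                               # orphan key: a re-dropped file would load
        score += 1
    if svc.stem.lower() != svc.name.lower():      # legitimate drivers usually match their name
        score += 1
    if looks_generated(svc.name, svc.stem):
        score += 1
    return score


def triage(report: str) -> Dict[str, list]:
    out: Dict[str, list] = {"services": [], "processes": [], "policies": [], "streams": []}
    for line in report.splitlines():
        line = line.strip()
        if (svc := parse_service(line)) is not None:
            out["services"].append((svc.name, score_service(svc)))
        elif (m := PROCESS_RE.match(line)):
            if any(tag in m.group("path").lower() for tag in USER_WRITABLE):
                out["processes"].append(m.group("path"))
        elif (m := POLICY_RE.match(line)):
            out["policies"].append(m.group("key"))
        elif (m := ADS_RE.match(line)) and HEX_TOKEN.match(m.group("stream")):
            out["streams"].append(f"{m.group('path')}:{m.group('stream')}")
    out["services"].sort(key=lambda t: (-t[1], t[0].lower()))
    return out


def likely_remnants(report: str, threshold: int = 4) -> List[str]:
    """Service names scoring at or above the (assumed) threshold."""
    return [name for name, score in triage(report)["services"] if score >= threshold]


if __name__ == "__main__":
    text = SAMPLE_FRST
    if len(sys.argv) > 1:   # a report saved as plain UTF-8 text
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    for section, items in triage(text).items():
        print(f"== {section}")
        for item in items:
            print("  ", item)
```

Run as-is to print the ranking for the embedded sample, or pass a report saved as plain UTF-8 text. The ranking rests on one point the fixlist also relies on: a boot- or system-start driver entry whose image file is gone is harmless on its own, but the service key still exists with that start type, so a re-dropped file under the same path would load before most defenses do; that is why the fix deletes the service rather than only the file. Entries such as OMCI and the NwlnkFlt/NwlnkFwd pair score low because their service name matches the image name, which is the usual shape of a vendor or Windows driver left behind after an uninstall.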

#12 NaviLink


Posted 11 March 2015 - 08:17 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Nini at 2015-03-11 17:49:40 Run:2
Running from C:\Users\Nini\Downloads
Loaded Profiles: Nini (Available profiles: Nini & Joe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

(Adobe) C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe
C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe

End
*****************

Processes closed successfully.
C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe => No running process found
C:\Users\Nini\Downloads\install_reader10_en_mssd_aaa_aih.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog 17:49:41 ====



#13 nasdaq


Posted 12 March 2015 - 08:07 AM

Can you install the Adobe reader now?

#14 NaviLink


Posted 15 March 2015 - 01:31 PM

I may have found a different solution to make Flash Player work. Also, I have Adobe Reader XI installed as an alternative for PDF files.


Edited by NaviLink, 15 March 2015 - 01:51 PM.


#15 nasdaq


Posted 16 March 2015 - 06:13 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



