
Security software is being deactivated


8 replies to this topic

#1 evansstreet


Posted 04 August 2015 - 08:40 AM

Hello

In the past couple of weeks I have started my PC to find that my security software - Norton IS 2015 - has been deactivated. After reactivating it, I got a message that I had not installed updates for weeks and I managed to restore to an older version. My system is also running slower.

This morning I ran Malwarebytes, SUPERAntiSpyware, CCleaner, RogueKiller (Premium) and TDss rootkill; all came up clean.

Can anyone help, please?




#2 Firehouse


Posted 04 August 2015 - 08:44 AM

Hello,
 
Please download MiniToolBox by Farbar and save it to your desktop.
 
Run the tool as Administrator and make sure that these options are checked:
 
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs
 
Post the log here.
 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on the Start button.

If programs need a reboot, allow it to do so.

NOTE: If your desktop disappears, don't panic, it's normal.
 
Step 3
 
Download Rkill and save it to your desktop (the preferred version is iexplore.exe).

Run the tool as Administrator; it will kill all malicious processes.

The program will download and install Malwarebytes as well, and it will launch.

Make sure you have the latest definitions by clicking on Update Now, then under Scan choose Threat Scan.

After scanning is done, click on Remove if malware is found. The tool will ask for a restart; allow it to do so.

Attach the MBAM log here (you can find it in History > Application Logs).
 
Step 4
 
Scan with Norton Power Eraser
 
CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart, the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click on Restart now to complete removal.


#3 evansstreet


Posted 04 August 2015 - 11:33 AM

Hello

Here is the MTB log:

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by ALAN (administrator) on 04-08-2015 at 17:25:08
Running from "C:\Users\ALAN\Documents\DAD\Diagnostics and Security"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

=========================== Installed Programs ============================

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AmpliTube 3 version 3.14.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.14.0 - IK Multimedia)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS Xonar DS Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: 1.00.0003 - ASUSTeK Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11000.25.1 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IK Multimedia Authorization Manager version 1.0.11 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.11 - IK Multimedia)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Iminent (HKLM-x32\...\{E931F892-098A-4C81-8DED-4013DB9E3B69}) (Version: 6.32.41.0 - Iminent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.0.0 - QFX Software Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
SampleTank FREE (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.5 - IK Multimedia)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
TBS 6280 Dual DVBT/T2 Tuner driver 1.0.1.0  for windows (HKLM\...\TBS 6280 Dual DVBT/T2 Tuner driver for windows_is1) (Version:  - TBS Technologies)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Windows Driver Package - TBSDTV TECHNOLOGY (TBS6280_64) MEDIA  (02/10/2015 1.0.1.3) (HKLM\...\665C92F4C153D06E76F0E320F62E15D363D50AF1) (Version: 02/10/2015 1.0.1.3 - TBSDTV TECHNOLOGY)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
YouTube Downloader Toolbar v6.0 (HKLM-x32\...\{590E3295-A11B-4C9F-9F88-399397EE393D}) (Version: 6.0 - Spigot, Inc.)

**** End of log ****

RKill did not install MWB but here is a log from this morning which I did in safe mode with no other programmes running


 

I have done a scan with NPE. No issues

 



#4 Firehouse


Posted 04 August 2015 - 12:19 PM

We will uninstall some unwanted / unneeded programs:

 

  • YouTube Downloader Toolbar v6.0
  • SUPERAntiSpyware
  • RogueKiller version 10 
  • HiJackThis

Step 1

 

Scan with Malwarebytes AntiRootkit

 
Please download MBAR and save it to your desktop.
 
Run the tool as Administrator; it will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.
 
Attach log here.
 
Step 2
 
Download AdwCleaner by Xplode and save it to your desktop.
 
Run the tool as Administrator, accept the terms of usage, and wait while the database is updating.

After it's done updating, click the Scan button and wait while it's scanning.

Remove all found items by clicking on the Cleaning button, and allow the tool to restart.

After the restart, it will make a log which you will attach or paste in your reply.
 
Step 3
 
Download JRT by Malwarebytes and save it to your desktop.
 
Run the tool as Administrator, accept the disclaimer by pressing Y, and wait while it's scanning the system.

The tool will automatically scan and remove all found items. If the tool requires a restart, allow it to do so.
 
Attach log here.

 

Step 4

 

Scan with Zemana Antimalware
 
Download Zemana Antimalware and install it on your system.
 
Under Scan type choose Full Scan and let the tool scan the system.

If malware is found, click Next to remove it. If the tool asks for a restart, allow it.

If no malware is found, just exit the program.
 
NOTE: Leave actions at default.
 
Attach log here.

Edited by Firehouse, 04 August 2015 - 12:20 PM.


#5 evansstreet


Posted 05 August 2015 - 04:12 AM

Here are the logs~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by ALAN on 04/08/2015 at 20:13:16.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ClearThink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update neurowise
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update RightSurf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util ClearThink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util neurowise



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\ALAN\Appdata\Local\{CA3CE0DB-82B5-48FE-A69D-959120316075}
Successfully deleted: [Folder] C:\ProgramData\productdata



~~~ FireFox

Successfully deleted the following from C:\Users\ALAN\AppData\Roaming\mozilla\firefox\profiles\jka7stig.default-1437051890203\prefs.js

user_pref(browser.startup.homepage, hxxps://www.google.co.uk/webhp?complete=0);
user_pref(extensions.myhomepage_manishjain9@gmail.com.welcomedmyhomepg, true);



~~~ Chrome

Successfully deleted: [Folder] C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Folder] C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm

[C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
cjpalhdlnbpafiamejdnhcphjbkeiagm
icpgjfneehieebagbmdbhnlpiopdcmna
jbnkijekempmdlleaimfelifcejbkmcd

[C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ALAN\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2015 at 20:17:47.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Zemana AntiMalware 2.16.179.938 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/8/4
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5-2500K CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 00A82B4CC7043B4BEFC7F9
Scan Type              : Deep Scan
Duration               : 29m 58s
Scanned Objects        : 210356
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------

cbsidlm-cbsi188-Atomic_Clock_Sync-ORG-14844.exe
Status             : Scanned
Object             : %userprofile%\documents\dad\tech stuff\cbsidlm-cbsi188-atomic_clock_sync-org-14844.exe
MD5                : 122E0FE0BD52D264FFB874E538114473
Publisher          : CBS Interactive
Size               : 929416
Version            : 5.4.0.188
Detection          : Malware:Win32/Quarand!Ikee
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\documents\dad\tech stuff\cbsidlm-cbsi188-atomic_clock_sync-org-14844.exe

MiniToolBox.exe
Status             : Scanned
Object             : %userprofile%\documents\dad\diagnostics and security\minitoolbox.exe
MD5                : 521104E0FF602840E969D6C3D03F41F1
Publisher          : -
Size               : 891392
Version            : 25.7.2015.1
Detection          : Malware:Win32/Edizz.A!Icea
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\documents\dad\diagnostics and security\minitoolbox.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0

 

 

MBAR came up clean so no log

 

Regarding the unwanted/unneeded items, Rogue Killer is the premium version that I paid for so I don't really want to get rid of it.  I've removed the others.



#6 Firehouse


Posted 05 August 2015 - 04:13 AM

Ok, no problem. How is the situation now?



#7 evansstreet


Posted 05 August 2015 - 05:02 AM

I'm not really sure. When I open my folder in "Computer" as well as my folders, i.e. "my documents", "app data" etc., I now have loads of ntuser references and my folders seem to be opening differently. It's most odd. I'm beginning to think complete reinstall! I have all my files backed up to a separate HDD.



#8 Firehouse


Posted 05 August 2015 - 05:12 AM

Yeah, I think you will have to do a format.



#9 evansstreet


Posted 05 August 2015 - 08:58 AM

Thanks for your input and advice.  It's a bit of a b****r not knowing what the problem was though!!

Bull by the horns time now.

Thanks again and 'bye. No reply necessary'

AlanJ14





