Can't Update MS Essentials - CCleaner Won't Delete - Flashes Blank Screen


  • This topic is locked
20 replies to this topic

#1 bikerguy54

  • Members
  • 10 posts

Posted 05 October 2015 - 01:20 AM

Hello - First time posting

My computer has been running ridiculously slow for quite a while. When I log in to Windows 7, it goes to a blank screen, then loads the desktop. All programs take a long time to initiate and load. I can't update Microsoft Security Essentials and CCleaner isn't deleting the files. It goes through the entire process, but then shows: 0 bytes removed. I ran a scan with Malwarebytes and it found nothing. When I looked in add/remove programs the version of Malwarebytes wasn't the same as the one on my laptops, so I uninstalled it. It might be a good version but I wasn't sure. The version was 2.1.8.1057. My computer hangs and freezes, even Bleeping Computers became unresponsive, and most of the time it takes a long time for a webpage to unfreeze and respond again. Everything I click on is delayed and some things don't open at all. I get multiple "can't load page" errors.

I downloaded FRST per the prep guide listed for this forum. When I tried to save it to my desktop, a message popped up at the bottom of my page that said "FRST.exe is not commonly downloaded and could harm your computer." It gave me 3 options: Delete, Action, View Downloads. I decided to go with "Action" and it gave a "Smart filter warning". I had to choose "Run Anyway" and then it installed. I don't know if that's an issue or not, so hopefully someone here can tell me.

Right now my computer is not protected. I have the firewall on, but my antivirus cannot update. Here is the FRST log and I've attached the additional log. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by gregory butler (administrator) on GOLFCART (05-10-2015 01:07:48)
Running from C:\Users\gregory butler\Desktop
Loaded Profiles: gregory butler & UpdatusUser (Available Profiles: gregory butler & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20] (Logitech, Inc.)
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\...\Run: [Sidebar (1)] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\...\MountPoints2: {42b767bb-cc7c-11e0-9d11-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\...\MountPoints2: {9801a16d-acfb-11e0-a383-001731f8b0a3} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2277348058-2041596717-938071942-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 216.252.23.242 209.55.27.13
Tcpip\..\Interfaces\{53A0F4A2-3BA1-44E6-9910-21359CAD1D0A}: [DhcpNameServer] 8.8.8.8 216.252.23.242 209.55.27.13

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U219DHP&pc=U219
HKU\S-1-5-21-2277348058-2041596717-938071942-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2277348058-2041596717-938071942-1000 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-2277348058-2041596717-938071942-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2277348058-2041596717-938071942-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File

FireFox:
========
FF ProfilePath: C:\Users\gregory butler\AppData\Roaming\Mozilla\Firefox\Profiles\k2lyy6e9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-02] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-05-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 IntelS51; C:\Windows\System32\DRIVERS\IntelS51.sys [1903646 2006-05-01] (Intel Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 nvmpu401; C:\Windows\System32\drivers\nvmpu401.sys [10240 2005-04-13] (NVIDIA Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [215856 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2074480 2010-05-20] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 TMAgent; no ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 01:07 - 2015-10-05 01:09 - 00010962 _____ C:\Users\gregory butler\Desktop\FRST.txt
2015-10-05 01:06 - 2015-10-05 01:08 - 00000000 ____D C:\FRST
2015-10-05 01:06 - 2015-10-05 01:06 - 01697792 _____ (Farbar) C:\Users\gregory butler\Desktop\FRST.exe
2015-10-05 01:00 - 2015-10-05 01:05 - 02193920 _____ (Farbar) C:\Users\gregory butler\Desktop\FRST64.exe
2015-10-05 00:28 - 2015-10-05 00:28 - 00000056 _____ C:\Windows\setupact.log
2015-10-05 00:28 - 2015-10-05 00:28 - 00000000 _____ C:\Windows\setuperr.log
2015-10-05 00:27 - 2015-10-05 00:27 - 00000852 _____ C:\Windows\PFRO.log
2015-10-05 00:16 - 2015-10-05 00:16 - 00000000 __SHD C:\Users\gregory butler\AppData\LocalLow\EmieBrowserModeList
2015-10-05 00:09 - 2015-10-05 00:09 - 00000000 ____D C:\Windows\Temp03F2CC48-DA7B-4956-8082-75D3D422B532-Signatures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 01:09 - 2014-03-01 01:24 - 01521325 _____ C:\Windows\WindowsUpdate.log
2015-10-05 00:35 - 2009-07-14 00:34 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 00:35 - 2009-07-14 00:34 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 00:28 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 00:27 - 2014-03-13 11:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-05 00:26 - 2013-11-14 11:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-05 00:20 - 2013-10-20 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-05 00:18 - 2013-11-04 02:42 - 00002106 _____ C:\Windows\epplauncher.mif
2015-10-05 00:08 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-02 02:22 - 2013-11-14 11:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-02 02:22 - 2013-11-14 11:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-02 02:11 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-07-04 13:02 - 2011-07-04 13:02 - 0043642 _____ () C:\Users\gregory butler\AppData\Roaming\UserTile.png
2013-09-19 20:36 - 2013-09-19 20:36 - 0000017 _____ () C:\Users\gregory butler\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-18 00:48

==================== End of FRST.txt ============================

#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 05 October 2015 - 03:43 AM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

[Image tdss.gif: TDSSKiller screenshot marking the controls numbered (1), (2) and (3) in the steps above]


Edited by deeprybka, 05 October 2015 - 03:44 AM.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 bikerguy54

  • Topic Starter
  • Members
  • 10 posts

Posted 05 October 2015 - 11:55 AM

Thank you for helping.

I downloaded TDSS as instructed and ran a scan. For some reason I cannot copy the report. I can highlight the report, but it's not responding to my mouse right-click, so I can't copy and paste the report. I tested right-clicking on other documents and articles, including this website, and right-click is working as it should on everything else. The only thing I can't copy is the TDSS report.



#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 05 October 2015 - 12:14 PM

[Image: attachlogs.png]
regards,
deeprybka

#5 bikerguy54

  • Topic Starter
  • Members
  • 10 posts

Posted 05 October 2015 - 03:58 PM

I'm not understanding how to attach the TDSS report. It didn't generate a notepad copy and a search of the files doesn't show TDSS on my computer at all. I can click on the upper right link that says (Report) on the TDSS interface and it will display the report, however, there aren't any options to "save" the report or do anything else. How do I attach the file if I can't copy it to notepad and TDSS didn't save a copy in my documents or on my desktop?



#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 05 October 2015 - 04:00 PM

It is also saved at C:\TDSSKiller.<version_date_time>_log.txt


regards,
deeprybka

#7 bikerguy54

  • Topic Starter
  • Members
  • 10 posts

Posted 06 October 2015 - 01:25 AM

Got it, thanks. I had to attach the report because it was too long to post.



#8 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Location: Germany

Posted 06 October 2015 - 01:58 AM

OK,
next step for you:

Step 1

Please download ComboFix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#9 bikerguy54

  • Topic Starter
  • Members
  • 10 posts

Posted 06 October 2015 - 11:02 AM

Here's the ComboFix report. I probably should mention my computer is occasionally displaying about:blank pages.

ComboFix 15-10-06.01 - gregory butler 10/06/2015  11:34:51.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1023.302 [GMT -4:00]
Running from: c:\users\gregory butler\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-06 to 2015-10-06  )))))))))))))))))))))))))))))))
.
.
2015-10-06 15:42 . 2015-10-06 15:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-10-06 15:42 . 2015-10-06 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-06 14:39 . 2015-10-06 14:39 -------- d-----w- c:\users\gregory butler\AppData\Local\GWX
2015-10-05 20:49 . 2015-09-16 09:43 8884144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45A53B07-CDA8-4885-81B5-6113F55C04B7}\mpengine.dll
2015-10-05 17:13 . 2015-10-05 17:14 -------- d-----w- C:\cdd23cd00fba465882be5abef19f
2015-10-05 17:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-05 16:54 . 2015-07-09 17:42 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-10-05 16:53 . 2015-07-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2015-10-05 06:15 . 2015-07-28 20:00 598528 ----a-w- c:\windows\system32\generaltel.dll
2015-10-05 06:15 . 2015-07-28 20:00 346112 ----a-w- c:\windows\system32\devinv.dll
2015-10-05 06:15 . 2015-07-28 20:00 952832 ----a-w- c:\windows\system32\appraiser.dll
2015-10-05 06:15 . 2015-07-28 20:00 60416 ----a-w- c:\windows\system32\acmigration.dll
2015-10-05 06:15 . 2015-07-28 20:00 635904 ----a-w- c:\windows\system32\invagent.dll
2015-10-05 06:15 . 2015-07-28 19:54 934400 ----a-w- c:\windows\system32\aeinv.dll
2015-10-05 06:15 . 2015-06-03 20:17 163840 ----a-w- c:\windows\system32\aepic.dll
2015-10-05 06:15 . 2015-07-28 20:00 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-10-05 06:15 . 2015-07-28 20:04 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-05 05:53 . 2015-04-13 03:19 259072 ----a-w- c:\windows\system32\services.exe
2015-10-05 05:09 . 2015-07-30 17:57 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-10-05 05:09 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-10-05 05:09 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-10-05 05:09 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-10-05 05:09 . 2015-07-01 20:30 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-10-05 05:09 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-10-05 05:09 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-10-05 05:09 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-10-05 05:08 . 2015-04-24 17:56 530432 ----a-w- c:\windows\system32\comctl32.dll
2015-10-05 05:07 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-10-05 05:07 . 2015-01-29 03:02 844288 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-10-05 05:07 . 2015-07-09 17:42 179712 ----a-w- c:\windows\system32\notepad.exe
2015-10-05 05:07 . 2015-07-09 17:42 179712 ----a-w- c:\windows\notepad.exe
2015-10-05 05:07 . 2015-05-25 18:01 92160 ----a-w- c:\windows\system32\sechost.dll
2015-10-05 05:07 . 2015-05-25 18:00 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-10-05 05:07 . 2015-05-25 18:00 82944 ----a-w- c:\windows\system32\logman.exe
2015-10-05 05:07 . 2015-05-25 18:00 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-10-05 05:07 . 2015-05-25 18:00 37888 ----a-w- c:\windows\system32\relog.exe
2015-10-05 05:07 . 2015-05-25 18:00 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-10-05 05:06 . 2015-10-05 05:11 -------- d-----w- C:\FRST
2015-10-05 05:06 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-10-05 05:05 . 2015-07-10 17:34 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-10-05 05:05 . 2015-07-10 17:33 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-10-05 05:05 . 2015-04-27 19:05 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-10-05 05:05 . 2015-04-27 19:04 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-10-05 05:05 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-10-05 05:05 . 2015-04-27 19:04 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-10-05 05:05 . 2015-04-11 03:07 54656 ----a-w- c:\windows\system32\drivers\stream.sys
2015-10-05 05:04 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-10-05 05:04 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\system32\msi.dll
2015-10-05 05:04 . 2015-06-15 21:43 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-10-05 05:04 . 2015-06-15 21:42 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-10-05 05:04 . 2015-06-15 21:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-10-05 05:03 . 2015-02-18 07:06 123904 ----a-w- c:\windows\system32\poqexec.exe
2015-10-05 05:03 . 2015-06-17 17:39 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-10-05 05:03 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-10-05 04:39 . 2015-04-18 02:56 342016 ----a-w- c:\windows\system32\certcli.dll
2015-10-05 04:30 . 2015-06-01 23:47 210432 ----a-w- c:\windows\system32\cewmdm.dll
2015-10-05 04:09 . 2015-10-05 04:09 -------- d-----w- c:\windows\Temp03F2CC48-DA7B-4956-8082-75D3D422B532-Signatures
2015-10-02 05:18 . 2015-08-30 03:06 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E1B21B-A4AA-43A9-ACB4-BAAE68CAB1B9}\gapaengine.dll
2015-10-02 05:05 . 2015-09-16 09:43 8884144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-02 06:22 . 2013-11-14 15:38 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-02 06:22 . 2013-11-14 15:38 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-30 03:30 . 2015-08-30 03:30 98520 ----a-w- c:\windows\system32\drivers\691D10DF.sys
2015-08-30 03:06 . 2013-11-06 07:44 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-15 17:43 . 2015-10-05 05:09 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar (1)"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 981688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\gregory butler\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-19 79360]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1343400]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ    DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 06:22]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 8.8.8.8 216.252.23.242 209.55.27.13
FF - ProfilePath - c:\users\gregory butler\AppData\Roaming\Mozilla\Firefox\Profiles\k2lyy6e9.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avldr - (no file)
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2277348058-2041596717-938071942-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2277348058-2041596717-938071942-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-06  11:45:42
ComboFix-quarantined-files.txt  2015-10-06 15:45
.
Pre-Run: 281,620,828,160 bytes free
Post-Run: 281,530,429,440 bytes free
.
- - End Of File - - 72473288FB7BBCDCECDE91B257720D9A
A36C5E4F47E84449FF07ED3517B43A31
 



#10 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:53 AM

Posted 06 October 2015 - 11:13 AM

OK, next steps are:

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select an export option.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the scan settings.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by deeprybka, 06 October 2015 - 11:15 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 bikerguy54
  • Topic Starter
  • Members
  • 10 posts
  • Local time:08:53 PM

Posted 07 October 2015 - 01:35 AM

Okay, here are the logs:

 

# AdwCleaner v5.010 - Logfile created 07/10/2015 at 01:20:03
# Updated 04/10/2015 by Xplode
# Database : 2015-10-05.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : gregory butler - GOLFCART
# Running from : C:\Users\gregory butler\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\gregory butler\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\gregory butler\AppData\LocalLow\iac

***** [ Files ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\YahooPartnerToolbar

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1807 bytes] ##########

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/7/2015
Scan Time: 1:39 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.06.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: gregory butler

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362979
Time Elapsed: 15 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=init
# utc_time=2015-10-07 05:58:35
# local_time=2015-10-07 01:58:35 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26117
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=updated
# utc_time=2015-10-07 06:12:52
# local_time=2015-10-07 02:12:52 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# engine=26117
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-07 06:24:51
# local_time=2015-10-07 02:24:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 85397207 0 0
# scanned=26798
# found=0
# cleaned=0
# scan_time=717
 



#12 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:53 AM

Posted 07 October 2015 - 01:45 AM

# end=stopped

 
ESET Scan wasn't complete.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 bikerguy54
  • Topic Starter
  • Members
  • 10 posts
  • Local time:08:53 PM

Posted 07 October 2015 - 11:56 AM

Sorry about that. Here's the new scan:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=init
# utc_time=2015-10-07 04:30:22
# local_time=2015-10-07 12:30:22 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26126
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=updated
# utc_time=2015-10-07 04:31:29
# local_time=2015-10-07 12:31:29 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# engine=26126
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-07 04:53:26
# local_time=2015-10-07 12:53:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 85434922 0 0
# scanned=28244
# found=1
# cleaned=0
# scan_time=1315
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\gregory butler\Downloads\ccsetup408.exe"
 



#14 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:53 AM

Posted 07 October 2015 - 12:08 PM

 

# end=stopped

 

Again. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 bikerguy54
  • Topic Starter
  • Members
  • 10 posts
  • Local time:08:53 PM

Posted 07 October 2015 - 10:56 PM

The last 2 times I ran ESET the Downloading virus signature database started at 50%. Maybe it's supposed to since it's already loaded the initial database. I start the scan and leave it to run, then click finish. It said found 1 threat. Here's the new log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=init
# utc_time=2015-10-07 04:30:22
# local_time=2015-10-07 12:30:22 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26126
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=updated
# utc_time=2015-10-07 04:31:29
# local_time=2015-10-07 12:31:29 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# engine=26126
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-07 04:53:26
# local_time=2015-10-07 12:53:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 85434922 0 0
# scanned=28244
# found=1
# cleaned=0
# scan_time=1315
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\gregory butler\Downloads\ccsetup408.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=init
# utc_time=2015-10-08 02:24:16
# local_time=2015-10-07 10:24:16 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26132
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# end=updated
# utc_time=2015-10-08 02:25:01
# local_time=2015-10-07 10:25:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b78b64c7b2422545a3722317237e96a4
# engine=26132
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-08 03:16:36
# local_time=2015-10-07 11:16:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 85472312 0 0
# scanned=130562
# found=1
# cleaned=0
# scan_time=3094
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\gregory butler\Downloads\ccsetup408.exe"
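The check deeprybka applies in posts #12 and #14 (a session whose trailer reads `# end=stopped` was interrupted and has to be re-run; only the last block in the log above reaches `# end=finished`) can be scripted for anyone triaging several of these logs. The following is an added example, not code from the thread or from ESET: `parse_eset_log`, `triage` and `needs_rerun` are my own helpers, and `SAMPLE_LOG` is constructed in the format of the posted logs with placeholder hashes and paths rather than the values from this thread.

```python
"""Triage of ESET Online Scanner log files (added example, not ESET's code).

The log is a sequence of blocks, each starting with "# product=EOS" and
carrying "# key=value" lines; a scan block ends with "# end=stopped" or
"# end=finished", and detections follow it as "sh=... vn=\"...\" fn=\"...\""
lines.  SAMPLE_LOG is constructed in that format with placeholder values.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Session:
    """One '# product=EOS' block: its header fields and any detection lines."""
    fields: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


# key=value pairs on a detection line; values are either quoted or bare.
DETECTION_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample: one interrupted scan with a hit, then a finished re-run.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=init
# utc_time=2015-10-07 04:30:22
Update Init
Update Finalize
# product=EOS
# end=updated
# product=EOS
# engine=26126
# end=stopped
# remove_checked=false
# scanned=28244
# found=1
# cleaned=0
# scan_time=1315
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Example.PUA potentially unsafe application" ac=I fn="C:\Users\example\Downloads\setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=init
# product=EOS
# end=updated
# product=EOS
# engine=26132
# end=finished
# remove_checked=false
# scanned=130562
# found=0
# cleaned=0
# scan_time=3094
"""


def parse_eset_log(text):
    """Split the log into Session objects, one per '# product=EOS' block."""
    sessions = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# product="):
            current = Session()
            sessions.append(current)
        if current is None:
            continue  # installer chatter before the first header
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            current.fields[key.strip()] = value.strip()
        elif line.startswith("sh="):
            pairs = {k: (q or b) for k, q, b in DETECTION_RE.findall(line)}
            current.detections.append(pairs)
    return sessions


def triage(text):
    """One summary dict per scan block; 'init'/'updated' blocks are signature updates, not scans."""
    results = []
    for s in parse_eset_log(text):
        end = s.fields.get("end")
        if end not in ("stopped", "finished"):
            continue
        results.append({
            "complete": end == "finished",
            "scanned": int(s.fields.get("scanned", "0")),
            "found": int(s.fields.get("found", "0")),
            "cleaned": int(s.fields.get("cleaned", "0")),
            "hits": [(d.get("vn"), d.get("fn"), d.get("sh")) for d in s.detections],
        })
    return results


def needs_rerun(text):
    """True when the most recent scan block did not reach '# end=finished'."""
    results = triage(text)
    return not results or not results[-1]["complete"]


if __name__ == "__main__":
    for i, r in enumerate(triage(SAMPLE_LOG), 1):
        status = "finished" if r["complete"] else "STOPPED (incomplete)"
        print(f"scan {i}: {status}, scanned={r['scanned']} found={r['found']} cleaned={r['cleaned']}")
        for vn, fn, sh in r["hits"]:
            print(f"   {vn}: {fn} (sha1 {sh})")
    print("re-run needed:", needs_rerun(SAMPLE_LOG))
```

Note that `remove_checked=false` in these logs means the scanner only reports; `found=1, cleaned=0` is therefore expected, and the `fn=` path tells the helper what to act on, while `needs_rerun` answers the question deeprybka asked twice before the detection could be trusted.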
 





