Help!! Pop ups, internet explorer missing, chrome hijacked, etc


  • This topic is locked
2 replies to this topic

#1 Cajun20th

  • Members
  • 11 posts

Posted 09 November 2015 - 09:57 AM

I am having issues with my laptop. About a month ago, the laptop started running extremely slow and started having some pop-up windows showing virus and malware removal tools along with backup software I never installed. Internet Explorer is now missing from my laptop and Google Chrome doesn't work properly, showing me errors whenever I click on a link from the Google search results window. Example: I searched bleeping computer in Google. I clicked on the link showing www.bleepingcomputer.com and instead of going to the Bleeping Computer home page I was given a new tab with a "bleeping Computer Survey" web page that I did not trust and closed. I tried updating and running Malwarebytes in safe mode and it always ends with 1100+ issues; I remove them, reboot, scan again with the same results. The laptop has both Norton and McAfee and I'd like to remove both and install a better antivirus solution. Below is my FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Miah (administrator) on MIAH-PC (09-11-2015 08:26:58)
Running from C:\Users\Miah\Downloads
Loaded Profiles: Miah (Available Profiles: Miah & baby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
( ) C:\Windows\System32\lxducoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Time Lapse Solutions) C:\ProgramData\muaGpy\iPRMqt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\ProgramData\Ihlnaespaexse\1.0.6.1\tnixlegu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\ProgramData\Ihlnaespaexse\1.0.6.1\tnixlegu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\...\MountPoints2: {f7592afa-e83d-11e2-941d-60eb694229a3} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-01] (Microsoft Corporation)
AppInit_DLLs-x32: C:/PROGRA~3/{E4280~1/193~1.1/fara.dll => C:\ProgramData\{E4280CEB-B4AA-DD6D-052C-ADEFD5AE7E61}\1.9.3.1\fara.dll [1010688 2015-03-24] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1452031900-1653274414-3183778240-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0750886D-E262-4792-8B36-EC59120F833A}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0750886D-E262-4792-8B36-EC59120F833A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-is__alt__ddc_dsssyc_bd_com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?type=ds&ts=1415029367&from=brd&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ1A60N1680N1680&i=psd&t=34b6c58ae&q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?type=ds&ts=1415029367&from=brd&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ1A60N1680N1680&i=psd&t=34b6c58ae&q={searchTerms}
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F27ztutdk0000,63fed5f1-dcc0-49ec-a314-7300d35d87d9,&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS411
BHO: TestSpeeder -> {2FD4E70E-721A-2F22-3BE8-061D4AAE8C2A} -> C:\Program Files (x86)\ver1TestSpeeder\180_x64.dll [2014-10-08] ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: TestSpeeder -> {2FD4E70E-721A-2F22-3BE8-061D4AAE8C2A} -> C:\Program Files (x86)\ver1TestSpeeder\180.dll [2014-10-08] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Miah\AppData\Roaming\Mozilla\Firefox\Profiles\vp5t9ev1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2011-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_12_1
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_12_1 [2015-11-08] [not signed]
FF HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\...\Firefox\Extensions: [{954498C5-97E7-FB49-5328-BEA72EE2D216}] - C:\Program Files (x86)\ver1TestSpeeder\180.xpi
FF Extension: TestSpeeder - C:\Program Files (x86)\ver1TestSpeeder\180.xpi [2014-10-08] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-07]
CHR Extension: (Gmail) - C:\Users\Miah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.3UIA2OYXYT6I4ESKYVFAHJL5IU - C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 iPRMqt; C:\ProgramData\muaGpy\iPRMqt.exe [2733032 2015-02-07] (Time Lapse Solutions)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-01-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110218.003\IDSvia64.sys [476792 2010-11-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [64328 2015-01-15] (Windows ® Win 7 DDK provider)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110220.002\ENG64.SYS [117880 2011-01-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110220.002\EX64.SYS [1791096 2011-01-22] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [56504 2014-10-08] (Corsica)
S1 b786bdb3c67d; system32\drivers\b786bdb3c67d.sys [X]
S1 {2429c312-24d3-4127-94ed-c247fe9e02fc}w64; system32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}w64.sys [X]
S1 {6cfec6a5-9d93-4492-985a-470a68eff4e9}w64; system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64.sys [X]
S1 {b0c51d23-966e-4986-81ac-a04859acb990}w64; system32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}w64.sys [X]
S1 {bcd08fc8-cb56-41a3-8b19-3c556687a504}w64; system32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}w64.sys [X]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [X]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [X]
S1 {f304f5bf-f4de-42cd-97b2-3ce03ceff9ce}w64; system32\drivers\{f304f5bf-f4de-42cd-97b2-3ce03ceff9ce}w64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 22:29 - 2015-11-09 08:29 - 00018985 _____ C:\Users\Miah\Downloads\FRST.txt
2015-11-08 22:28 - 2015-11-09 08:27 - 00000000 ____D C:\FRST
2015-11-08 22:28 - 2015-11-08 22:28 - 02198528 _____ (Farbar) C:\Users\Miah\Downloads\FRST64.exe
2015-11-08 22:17 - 2015-11-08 22:24 - 00000000 ____D C:\Users\Miah\AppData\Local\Mozilla
2015-11-08 22:17 - 2015-11-08 22:18 - 00000000 ____D C:\Users\Miah\AppData\Roaming\Mozilla
2015-11-08 22:17 - 2015-11-08 22:17 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-08 22:17 - 2015-11-08 22:17 - 00001120 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-08 22:17 - 2015-11-08 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 22:17 - 2015-11-08 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-08 22:14 - 2015-11-08 22:14 - 00243656 _____ C:\Users\Miah\Downloads\Firefox Setup Stub 42.0 (2).exe
2015-11-08 22:06 - 2015-11-08 22:06 - 00243656 _____ C:\Users\Miah\Downloads\Firefox Setup Stub 42.0 (1).exe
2015-11-08 21:40 - 2015-11-08 21:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-11-08 19:54 - 2015-11-08 19:55 - 00602512 _____ C:\Windows\Minidump\110815-27440-01.dmp
2015-11-08 07:24 - 2015-11-08 07:24 - 00003416 ____N C:\bootsqm.dat
2015-11-08 07:23 - 2015-11-08 07:23 - 00000000 __SHD C:\found.000
2015-11-08 06:59 - 2015-11-09 06:24 - 00000000 ____D C:\Users\Miah\AppData\Local\ZombieNews
2015-11-08 06:57 - 2014-10-08 16:22 - 00056504 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2015-11-07 15:59 - 2015-11-07 15:59 - 00243656 _____ C:\Users\Miah\Downloads\Firefox Setup Stub 42.0.exe
2015-11-07 15:41 - 2015-11-07 15:41 - 00001186 _____ C:\Users\Miah\Desktop\adwcleaner_5.018 - Shortcut.lnk
2015-11-07 15:37 - 2015-11-08 21:32 - 00000000 ____D C:\AdwCleaner
2015-11-07 15:04 - 2015-11-07 15:04 - 00000000 ____D C:\Users\Miah\AppData\Roaming\WildTangent
2015-11-07 13:22 - 2015-11-07 13:22 - 00001063 _____ C:\Users\Miah\Desktop\removed threats.txt
2015-11-07 12:45 - 2015-11-08 22:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 12:44 - 2015-11-07 12:44 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-07 12:44 - 2015-11-07 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-07 12:44 - 2015-11-07 12:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-07 12:44 - 2015-11-07 12:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-07 12:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-07 12:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-07 12:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-07 12:39 - 2015-11-07 12:42 - 22908888 _____ (Malwarebytes ) C:\Users\Miah\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-07 12:34 - 2015-11-07 12:34 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-07 12:34 - 2015-11-07 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-07 12:32 - 2015-11-07 12:32 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1198ab877b5ba.job
2015-11-07 12:23 - 2015-11-07 12:23 - 00000000 _____ C:\Windows\SysWOW64\shoC5FD.tmp
2015-11-07 12:20 - 2015-11-08 06:44 - 00000000 ____D C:\Windows\pss
2015-11-05 15:31 - 2015-07-21 11:17 - 01084696 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 08:29 - 2010-09-09 07:44 - 01862442 _____ C:\Windows\WindowsUpdate.log
2015-11-09 08:14 - 2015-02-16 08:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 08:14 - 2013-12-31 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-09 07:50 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 07:50 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 07:33 - 2014-01-30 19:55 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452031900-1653274414-3183778240-1003UA.job
2015-11-09 07:17 - 2010-07-22 08:27 - 00000000 ____D C:\ProgramData\Norton
2015-11-09 06:01 - 2015-08-09 19:19 - 00003444 _____ C:\Windows\System32\Tasks\Ihlnaespaexse
2015-11-08 22:44 - 2009-07-13 23:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 22:38 - 2014-10-08 16:23 - 00000416 _____ C:\Windows\Tasks\TestSpeeder Update.job
2015-11-08 22:36 - 2015-03-31 08:01 - 00001332 _____ C:\Windows\Tasks\FTKEM.job
2015-11-08 22:36 - 2015-03-24 18:48 - 00001680 _____ C:\Windows\Tasks\CBJXTMJ.job
2015-11-08 22:36 - 2010-12-25 21:38 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 22:35 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-08 22:34 - 2009-07-13 22:51 - 00056409 _____ C:\Windows\setupact.log
2015-11-08 19:55 - 2013-12-31 12:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-08 19:54 - 2014-10-11 21:04 - 356616997 _____ C:\Windows\MEMORY.DMP
2015-11-08 19:54 - 2014-10-11 21:04 - 00000000 ____D C:\Windows\Minidump
2015-11-08 19:48 - 2013-12-31 12:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-08 19:48 - 2013-12-31 12:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-08 07:10 - 2015-03-24 19:33 - 00000000 ____D C:\ProgramData\Windows VXM
2015-11-08 07:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-08 06:50 - 2015-03-24 18:49 - 00000000 ____D C:\ProgramData\DataFile
2015-11-08 06:47 - 2014-10-09 08:05 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-07 15:30 - 2010-07-22 08:28 - 00201666 _____ C:\Windows\PFRO.log
2015-11-07 15:29 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-07 15:08 - 2010-07-22 08:22 - 00000000 ____D C:\Program Files\Google
2015-11-07 15:08 - 2010-07-22 08:22 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-07 15:06 - 2010-12-25 21:02 - 00000000 ____D C:\Users\Miah\AppData\Local\Google
2015-11-07 15:06 - 2010-07-22 08:22 - 00000000 ____D C:\ProgramData\Google
2015-11-07 15:04 - 2011-01-23 19:16 - 00000000 ____D C:\Users\baby\AppData\Roaming\WildTangent
2015-11-07 15:04 - 2010-07-22 08:14 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-07 15:04 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-07 13:48 - 2015-03-24 19:48 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-07 13:31 - 2009-07-13 20:34 - 00000505 _____ C:\Windows\win.ini
2015-11-07 13:26 - 2015-08-09 19:19 - 00000000 ____D C:\ProgramData\Ihlnaespaexse
2015-11-05 15:46 - 2014-11-03 09:26 - 00000000 ____D C:\Users\Miah\AppData\Local\CrashDumps
2015-11-05 15:31 - 2014-10-11 20:49 - 00000265 _____ C:\Users\Miah\AppData\Roaming\WB.CFG
 
==================== Files in the root of some directories =======
 
2015-08-09 18:54 - 2015-08-09 18:54 - 6420480 _____ () C:\Program Files (x86)\GUT47F8.tmp
2014-10-11 21:01 - 2014-10-11 21:01 - 6010880 _____ () C:\Program Files (x86)\GUTDA79.tmp
2015-03-24 08:01 - 2015-03-24 08:01 - 0000020 _____ () C:\Users\Miah\AppData\Roaming\appdataFr3.bin
2015-03-09 15:30 - 2015-03-09 15:30 - 0005487 _____ () C:\Users\Miah\AppData\Roaming\CBJXTMJ
2015-03-24 18:48 - 2015-03-24 18:48 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Miah\AppData\Roaming\CBJXTMJ.exe
2015-03-26 13:14 - 2015-03-26 13:14 - 0005542 _____ () C:\Users\Miah\AppData\Roaming\FTKEM
2015-03-31 08:01 - 2015-03-31 08:01 - 1900544 _____ (Cinema PlusV31.03) C:\Users\Miah\AppData\Roaming\FTKEM.exe
2012-07-23 14:33 - 2012-07-23 14:33 - 1639104 _____ () C:\Users\Miah\AppData\Roaming\UserTile.png
2014-10-11 20:49 - 2015-11-05 15:31 - 0000265 _____ () C:\Users\Miah\AppData\Roaming\WB.CFG
2014-11-03 09:50 - 2014-11-03 09:50 - 0022528 _____ () C:\Users\Miah\AppData\Local\1854820dsisetup18645862.exe
2014-11-03 09:50 - 2015-02-07 11:50 - 0000001 _____ () C:\Users\Miah\AppData\Local\DSI.DAT
2015-02-07 11:50 - 2015-02-07 11:50 - 0022528 _____ () C:\Users\Miah\AppData\Local\dsisetup9775802.exe
2011-01-22 11:18 - 2011-01-22 11:18 - 0000186 _____ () C:\ProgramData\lxdu.log
2011-04-19 19:31 - 2011-04-19 19:31 - 0512539 _____ () C:\ProgramData\SPL8E7C.tmp
2014-09-17 16:11 - 2014-09-17 16:11 - 7652776 _____ () C:\ProgramData\SPLE1A9.tmp
2014-05-03 15:56 - 2014-05-03 15:56 - 7652776 _____ () C:\ProgramData\SPLEFCA.tmp
 
Some files in TEMP:
====================
C:\Users\baby\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\baby\AppData\Local\Temp\SPSetup.exe
C:\Users\baby\AppData\Local\Temp\{878C5279-4070-485C-B01A-E3B16923A35C}-GoogleUpdateSetup.exe
C:\Users\Miah\AppData\Local\Temp\7504.exe
C:\Users\Miah\AppData\Local\Temp\BackupSetup.exe
C:\Users\Miah\AppData\Local\Temp\bitool.dll
C:\Users\Miah\AppData\Local\Temp\cfcabfibcdg.exe
C:\Users\Miah\AppData\Local\Temp\CloudBackup1055.exe
C:\Users\Miah\AppData\Local\Temp\CloudBackup4820.exe
C:\Users\Miah\AppData\Local\Temp\compete.exe
C:\Users\Miah\AppData\Local\Temp\cw.exe
C:\Users\Miah\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Miah\AppData\Local\Temp\GQrN5.exe
C:\Users\Miah\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Miah\AppData\Local\Temp\jue21F1.exe
C:\Users\Miah\AppData\Local\Temp\jue426C.exe
C:\Users\Miah\AppData\Local\Temp\jue90CA.exe
C:\Users\Miah\AppData\Local\Temp\jueC820.exe
C:\Users\Miah\AppData\Local\Temp\jueD1DF.exe
C:\Users\Miah\AppData\Local\Temp\jueD604.exe
C:\Users\Miah\AppData\Local\Temp\jueE3BA.exe
C:\Users\Miah\AppData\Local\Temp\ObronaBlockAdsUpdate.exe
C:\Users\Miah\AppData\Local\Temp\rc66.exe
C:\Users\Miah\AppData\Local\Temp\Setup_153729.exe
C:\Users\Miah\AppData\Local\Temp\setup_517.exe
C:\Users\Miah\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Miah\AppData\Local\Temp\sqlite3.dll
C:\Users\Miah\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Miah\AppData\Local\Temp\vwZY7.dll
C:\Users\Miah\AppData\Local\Temp\vwZY7.exe
C:\Users\Miah\AppData\Local\Temp\{FEF2FAD0-5E1B-4C35-8A78-831CF8F4D5C1}-ciie-3.2.0-12413.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-24 15:08
 
==================== End of FRST.txt ============================
 
Here is the addition.txt

#2 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2015 - 11:06 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold using the Control Panel > Programs and Features applet.
Solid YouTube Downloader and Converter 6.2.0.1 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-ytd}_is1) (Version: - DreamVideoSoft,Inc.)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Microsoft Corporation) C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Time Lapse Solutions) C:\ProgramData\muaGpy\iPRMqt.exe
() C:\ProgramData\Ihlnaespaexse\1.0.6.1\tnixlegu.exe
() C:\ProgramData\Ihlnaespaexse\1.0.6.1\tnixlegu.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1452031900-1653274414-3183778240-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?type=ds&ts=1415029367&from=brd&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ1A60N1680N1680&i=psd&t=34b6c58ae&q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?type=ds&ts=1415029367&from=brd&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ1A60N1680N1680&i=psd&t=34b6c58ae&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F27ztutdk0000,63fed5f1-dcc0-49ec-a314-7300d35d87d9,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
BHO: TestSpeeder -> {2FD4E70E-721A-2F22-3BE8-061D4AAE8C2A} -> C:\Program Files (x86)\ver1TestSpeeder\180_x64.dll [2014-10-08] ()
BHO-x32: TestSpeeder -> {2FD4E70E-721A-2F22-3BE8-061D4AAE8C2A} -> C:\Program Files (x86)\ver1TestSpeeder\180.dll [2014-10-08] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1452031900-1653274414-3183778240-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKU\S-1-5-21-1452031900-1653274414-3183778240-1002\...\Firefox\Extensions: [{954498C5-97E7-FB49-5328-BEA72EE2D216}] - C:\Program Files (x86)\ver1TestSpeeder\180.xpi
FF Extension: TestSpeeder - C:\Program Files (x86)\ver1TestSpeeder\180.xpi [2014-10-08] [not signed]
R2 iPRMqt; C:\ProgramData\muaGpy\iPRMqt.exe [2733032 2015-02-07] (Time Lapse Solutions)
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [64328 2015-01-15] (Windows ® Win 7 DDK provider)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [56504 2014-10-08] (Corsica)
S1 b786bdb3c67d; system32\drivers\b786bdb3c67d.sys [X]
S1 {2429c312-24d3-4127-94ed-c247fe9e02fc}w64; system32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}w64.sys [X]
S1 {6cfec6a5-9d93-4492-985a-470a68eff4e9}w64; system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64.sys [X]
S1 {b0c51d23-966e-4986-81ac-a04859acb990}w64; system32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}w64.sys [X]
S1 {bcd08fc8-cb56-41a3-8b19-3c556687a504}w64; system32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}w64.sys [X]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [X]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [X]
S1 {f304f5bf-f4de-42cd-97b2-3ce03ceff9ce}w64; system32\drivers\{f304f5bf-f4de-42cd-97b2-3ce03ceff9ce}w64.sys [X]
C:\Program Files (x86)\Windows Network Accelerater
C:\ProgramData\muaGpy
C:\ProgramData\Ihlnaespaexse
C:\ProgramData\muaGpy
C:\Program Files (x86)\ver1TestSpeeder
Task: {CF3AD828-E4C5-4708-B612-4520647DA4F8} - System32\Tasks\FTKEM => C:\Users\Miah\AppData\Roaming\FTKEM.exe [2015-03-31] (Cinema PlusV31.03) <==== ATTENTION
Task: {D1D34816-6FA2-47DC-8A42-CC5FBE503C84} - System32\Tasks\CIMT_daily_S-1-5-21-1452031900-1653274414-3183778240-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {F6DE394D-FD25-4ADB-A6D3-549A895545E5} - System32\Tasks\CIMT_S-1-5-21-1452031900-1653274414-3183778240-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CBJXTMJ.job => C:\Users\Miah\AppData\Roaming\CBJXTMJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\FTKEM.job => C:\Users\Miah\AppData\Roaming\FTKEM.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
FirewallRules: [{D54AC680-1495-4C22-AC45-6C025F6011D7}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{DDF90095-9CDF-45FF-8C63-57B05D1F0D97}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\netclean.exe
FirewallRules: [{7A153346-BCAA-4210-A06B-C79C3A24DDD6}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\youtubeserv.exe
C:\Users\Miah\AppData\Roaming\FTKEM.exe
C:\Program Files (x86)\Consumer Input
C:\Users\Miah\AppData\Roaming\CBJXTMJ.exe 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10 and 11, follow these instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?
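
The fixlist above removes browser policy "Restriction" keys and relies on FRST's signature check of core system files. As an added read-only check that is not part of nasdaq's post or of FRST, the following PowerShell script reports whether those policy keys are present and what Authenticode status the same system files return; the key and file paths are taken from the log above.

```powershell
# Added example (not from nasdaq's post or FRST): read-only checks for two classes of
# findings in the log above. Run from an elevated PowerShell prompt; nothing is changed.

# 1. Browser policy keys flagged "Restriction <======= ATTENTION" in the fixlist.
#    Domain-managed machines may legitimately carry these; a home PC normally does not.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        Write-Output "Policy key present: $key"
        # List the subkeys and values so the actual restriction is visible for review
        Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { "  subkey: $($_.Name)" }
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* | Format-List
    } else {
        Write-Output "Policy key absent : $key"
    }
}

# 2. Authenticode status of the files FRST verifies in its "Bamital & volsnap" section.
#    Note: on older Windows/PowerShell versions Get-AuthenticodeSignature does not consult
#    signing catalogs, so catalog-signed files report NotSigned; treat that as "verify with
#    another tool", not as proof of tampering. HashMismatch is the result that matters most.
$systemFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\User32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)
foreach ($file in $systemFiles) {
    if (-not (Test-Path -Path $file)) { "{0,-14} {1}" -f 'MISSING', $file; continue }
    $sig = Get-AuthenticodeSignature -FilePath $file
    # Status is Valid for an intact embedded signature
    "{0,-14} {1}" -f $sig.Status, $file
}
```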

#3 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 November 2015 - 09:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


