Frozen


  • This topic is locked
13 replies to this topic

#1 matchead

matchead

  • Members
  • 52 posts

Posted 09 January 2016 - 08:36 AM

Suggestions on what program I can run to check for virus/worms...etc ??

Issue is....... Sometimes, (not always), when I go to a website, everything "freezes" for 15 - 30 seconds.  Even the cursor won't move.  The window on my screen will "minimize" to the bottom of the screen for a few seconds....then open back up and everything is fine.

Doesn't happen on any certain website.......and doesn't happen on all websites.

Very random.

 

Op Sys = Windows 7 Home Premium

 

Please help :)

Matchead




#2 buddy215

buddy215

  • BC Advisor
  • 12,911 posts
  • Gender:Male
  • Location:West Tennessee

Posted 09 January 2016 - 04:39 PM

Use the programs below to clean up the computer and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” (Lawrence M. Krauss)

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 matchead

matchead
  • Topic Starter

  • Members
  • 52 posts

Posted 11 January 2016 - 08:58 PM

Here are the logs -

 

MBAMLOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/11/2016
Scan Time: 11:03 AM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.11.03
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348944
Time Elapsed: 12 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Adwcleaner

 

# AdwCleaner v5.028 - Logfile created 11/01/2016 at 12:51:00
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Michael - MICHAEL-HP
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[x] Service Not Deleted : CouponPrinterService

***** [ Folders ] *****

[x] Folder Not Deleted : C:\Program Files (x86)\Coupons
[x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1195 bytes] ##########

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Michael (Administrator) on Mon 01/11/2016 at 14:58:54.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 33

Failed to delete: C:\Program Files (x86)\coupons (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{0A482668-B82D-49AD-9EF9-154B6A9C5B3A} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{12282F58-B2BA-4C87-BB2D-BD603FB98A83} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{15438E2A-BF06-4556-8AB9-0626F97F7622} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{1FC8319A-E9AC-4A09-AA8A-702B09A85E7A} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{3E7C01A6-624B-415F-86E2-D63056D0EF06} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{3F9BDC94-9187-49B3-A428-27BBCF71CDFA} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{435BF746-F30A-4D8B-8444-45446A5A709D} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{96896322-1459-480C-9736-2FF76ADD3D85} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{BEBE3FDF-6E29-4793-8EC0-56BD9519CE44} (Empty Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\{E770B07C-570D-4D7C-87F4-20E9684DE330} (Empty Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\143NTRZF (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FZE6JPH (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A18VBGQD (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMH4S1PG (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BN4VVK81 (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BO5Y5NDZ (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXIKS6ZB (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZYQVEV8 (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IT22211U (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K192GS9G (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ2XAGOA (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTOLE47I (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LK0V9NKC (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4API2T7 (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCRMGI83 (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIL7JR88 (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SO364I0J (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNKSNXUK (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMHMIJXQ (Folder)
Successfully deleted: C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMO8SDGJ (Folder)

 

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1EABE305-EE57-4491-B2A5-30393E9DA13D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{1EABE305-EE57-4491-B2A5-30393E9DA13D} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/11/2016 at 15:00:37.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

A note on the ESET scan .... still running the scan..... 6 hours .... 28% scanned .... 4 threats so far........ will post log once it completes.



#4 buddy215

buddy215

  • BC Advisor
  • 12,911 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 January 2016 - 10:04 PM

Okay...after you have posted what Eset found and removed...do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

It seems you use only the IE browser. Post its startup list along with the three above. Click on Tools > Startups > at the top of that page click on IE. Use the button at the bottom right to copy and paste that list of startups in the IE browser.


Edited by buddy215, 11 January 2016 - 10:08 PM.



#5 matchead

matchead
  • Topic Starter

  • Members
  • 52 posts

Posted 12 January 2016 - 08:23 PM

Had a power outage while running the Eset scan......... however - it was at 11 hours and only 31% complete ???  Should this be taking so long ??

Here are threats found so far:

 

C:\FRST\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk.xBAD LNK/Agent.BS trojan
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\updated\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Users\Michael\Documents\Exe and DLs\pal_install_iron_r132089.exe a variant of Win32/InstallCore.ACZ potentially unwanted application

 

 

Also....... here are the other 3 you asked for:

 

Startup:

 

Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\Michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BeatsOSDApp Hewlett-Packard  C:\Program Files\IDT\WDM\beats64.exe
Yes HKLM:Run HP Software Update Hewlett-Packard c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run LifeCam Microsoft Corporation "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
Yes HKLM:Run Norton Online Backup Symantec Corporation C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run PDF Complete PDF Complete Inc C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run Sound Blaster Recon3D PCIe Control Panel Creative Technology Ltd "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
Yes HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Yes Startup User GigaTribe.lnk Gigatribe C:\Program Files (x86)\GigaTribe\gigatribe.exe
Yes Startup User PalTalk.lnk AVM Software Inc. C:\Program Files (x86)\Paltalk Messenger\paltalk.exe

 

Scheduled Tasks:

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task {22A0C4FE-E719-4A80-AD06-6CF11D3BDFD3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Michael\Downloads\ASIO4ALL_2_11_Beta1_English.exe -d C:\Users\Michael\Downloads
Yes Task {50616899-3BF9-45AD-8F81-DC01CCB4545F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Documents\Exe and DLs\Cisco Systems\VPN Client\autoinstall.exe" -d "C:\Users\Michael\Documents\Exe and DLs\Cisco Systems\VPN Client"
Yes Task {5778B7CF-7D4A-4206-B06F-9A61D02F1C19} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Documents\Exe and DLs\ftop3.exe" -d "C:\Users\Michael\Documents\Exe and DLs"
Yes Task {79BD6A89-68BA-44B4-A789-072061F6879E} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
Yes Task {7B6FCCA2-9C23-4954-B4DC-CC52110E1653} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
Yes Task {CEF43000-9307-4123-8F41-1C6D13FE9796} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe

 

Installed:

 

Adobe AIR Adobe Systems Incorporated 1/24/2012  2.6.0.19120
Adobe Audition 1.5 Adobe Systems 4/17/2012 41.4 MB 1.5
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 1/2/2016 17.6 MB 20.0.0.270
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 1/8/2016 18.1 MB 20.0.0.279
Adobe Reader XI (11.0.08) Adobe Systems Incorporated 8/14/2014 182 MB 11.0.08
Apple Application Support Apple Inc. 8/12/2013 64.7 MB 2.3.4
Apple Mobile Device Support Apple Inc. 8/12/2013 25.2 MB 6.1.0.13
Apple Software Update Apple Inc. 4/27/2012 2.38 MB 2.1.3.127
ASIO4ALL Michael Tippach 4/17/2012  2.11 Beta1
BB FlashBack Express Blueberry 4/4/2013  4.1.4.2665
Bing Bar Microsoft Corporation 1/24/2012 26.7 MB 7.0.826.0
Blio K-NFB Reading Technology, Inc. 1/24/2012 38.5 MB 2.2.8188
Bluetooth by hp Broadcom Corporation 1/24/2012 184 MB 6.3.0.8200
Bonjour Apple Inc. 4/27/2012 2.00 MB 3.0.0.10
Bubble Wrap XM Asia Pacific Pte Ltd 1/24/2012 2.19 MB 1.0.0.0
CCleaner Piriform 1/11/2016  5.13
Coupon Printer for Windows Coupons.com Incorporated 1/21/2015  5.0.1.4
Creative Music Server Creative Technology Limited 4/21/2012  1.01
Creative System Information Creative Technology Limited 7/19/2012  1.10
Dolby Digital Live Pack Creative Technology Limited 7/18/2012  3.03
ESET Online Scanner v3  8/1/2014  
Facebook Hewlett-Packard 1/24/2012 13.7 MB 1.1.0004
Facebook for HP TouchSmart Hewlett-Packard 1/24/2012 13.7 MB 1.1.0004
Fire Talk New Fire Talk New 6/20/2014  2.0.0.188
GigaTribe 3.04.012 GigaTribe SAS 10/3/2013 43.1 MB 
HP Application Assistant Hewlett-Packard 1/24/2012 4.77 MB 1.0.393.3870
HP Calendar Hewlett-Packard 1/24/2012 11.0 MB 5.1.4245.23508
HP Clock Hewlett-Packard 1/24/2012 378 KB 5.1.4244.16367
HP Games WildTangent 1/24/2012  1.0.2.5
HP LinkUp Hewlett-Packard 1/24/2012 71.7 MB 2.01.029
HP Magic Canvas Hewlett-Packard 1/24/2012 124 MB 5.1.15.0
HP Magic Canvas Hewlett-Packard 1/24/2012  5.1.15.0
HP Magic Canvas Tutorials Hewlett-Packard 1/24/2012 4.91 MB 5.0.0.3
HP MovieStore Hewlett-Packard Company 1/24/2012 80.0 MB 2.1.21091.0
HP Notes Hewlett-Packard 1/24/2012 37.9 MB 5.1.4274.30382
HP Odometer Hewlett-Packard 1/24/2012 48.0 KB 2.10.0000
HP RSS Hewlett-Packard 1/24/2012 2.82 MB 5.1.4289.23799
HP Setup Hewlett-Packard Company 1/24/2012 51.5 MB 9.0.15130.3904
HP Setup Manager Hewlett-Packard Company 1/24/2012 8.69 MB 1.2.15145.3905
HP Support Assistant Hewlett-Packard Company 1/24/2012 65.0 MB 6.1.12.1
HP Support Assistant Hewlett-Packard Company 1/24/2012  6.1.12.1
HP Support Information Hewlett-Packard 1/24/2012 1.68 MB 11.00.0001
HP TouchSmart Background - Beats Hewlett-Packard 1/24/2012 1.23 MB 1.0.1.0
HP TouchSmart RecipeBox Hewlett-Packard 1/24/2012 43.6 MB 3.0.3830.27730
HP TouchSmart RecipeBox Hewlett-Packard 1/24/2012  3.0.3830.27730
HP Update Hewlett-Packard 1/24/2012 3.98 MB 5.003.001.001
HP Vision Hardware Diagnostics Hewlett-Packard 1/24/2012 12.1 MB 2.12.1.0
HP Weather Hewlett-Packard 1/24/2012 2.20 MB 5.1.4245.22595
iTunes Apple Inc. 8/12/2013 187 MB 11.0.4.4
Kobo Kobo Inc. 1/24/2012  2.0.3
LabelPrint CyberLink Corp. 1/24/2012 229 MB 2.5.4507
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/11/2016 66.0 MB 2.2.0.1024
Metric Converter XM Asia Pacific Pte Ltd 1/24/2012 2.58 MB 1.0.0.0
Microsoft .NET Framework 4.5.1 Microsoft Corporation 5/15/2014 38.8 MB 4.5.50938
Microsoft LifeCam Microsoft Corporation 9/14/2012 32.8 MB 3.60.253.0
Microsoft Mathematics Microsoft Corporation 4/14/2012 17.5 MB 4.0
Microsoft Office Click-to-Run 2010 Microsoft Corporation 4/26/2012  14.0.4763.1000
Microsoft Office Professional Plus 2013 Microsoft Corporation 12/21/2015  15.0.4420.1017
Microsoft Office Starter 2010 - English Microsoft Corporation 4/26/2012  14.0.5139.5005
Microsoft Silverlight Microsoft Corporation 10/1/2015 298 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 1/24/2012 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/26/2012 298 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2/11/2011 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2/11/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 1/24/2012 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 7/26/2012 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2/11/2011 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 1/24/2012 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/26/2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 Microsoft Corporation 8/2/2012 13.7 MB 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 8/2/2012 11.0 MB 10.0.30319
Mozilla Firefox 25.0.1 (x86 en-US) Mozilla 11/23/2013 48.8 MB 25.0.1
Mozilla Maintenance Service Mozilla 11/23/2013 221 KB 25.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 7/26/2012 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 7/26/2012 1.33 MB 4.20.9876.0
Norton Online Backup Symantec Corporation 1/24/2012 6.19 MB 2.1.17869
NVIDIA 3D Vision Controller Driver 335.21 NVIDIA Corporation 3/27/2014  335.21
NVIDIA 3D Vision Driver 335.23 NVIDIA Corporation 3/27/2014  335.23
NVIDIA GeForce Experience 1.8.2.1 NVIDIA Corporation 3/27/2014  1.8.2.1
NVIDIA Graphics Driver 335.23 NVIDIA Corporation 3/27/2014  335.23
NVIDIA HD Audio Driver 1.3.30.1 NVIDIA Corporation 3/27/2014  1.3.30.1
NVIDIA PhysX System Software 9.13.1220 NVIDIA Corporation 3/27/2014  9.13.1220
NVIDIA Virtual Audio 1.2.20 NVIDIA Corporation 3/27/2014  1.2.20
Paltalk Emotes (With Stickers) China-Cheats.com 3/20/2015 7.43 MB 4.0
Paltalk Messenger  11.7 AVM Software Inc. 12/14/2015  11.7.630.17743
PDF Complete Special Edition PDF Complete, Inc 1/24/2012  4.0.65
PlayReady PC Runtime amd64 Microsoft Corporation 1/24/2012 2.05 MB 1.3.0
PlayReady PC Runtime x86 Microsoft Corporation 1/24/2012 1.65 MB 1.3.0
Power2Go CyberLink Corp. 1/24/2012 175 MB 6.1.5706
PressReader  NewspaperDirect Inc. 1/24/2012 9.28 MB 5.11.0721.0
RAIDXpert AMD 1/24/2012 117 MB 3.3.1540.9
Remote Graphics Receiver Hewlett-Packard 1/24/2012  5.4.5
Skype Click to Call Microsoft Corporation 10/14/2015 13.1 MB 7.5.0.9082
Skype™ 7.0 Skype Technologies S.A. 7/13/2015 47.9 MB 7.0.102
Sound Blaster Recon3D PCIe Creative Technology Limited 7/19/2012 131 MB 1.00.14
Sound Blaster Recon3D PCIe Extras Creative Technology Limited 7/19/2012  1.0
Spot XM Asia Pacific Pte Ltd 1/24/2012 5.28 MB 1.0.0.0
Vidyo Desktop 2.2.0 Vidyo Inc. 11/23/2013  2.2.0
Windows Live Essentials Microsoft Corporation 1/24/2012  15.4.3538.0513
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 1/24/2012 5.57 MB 15.4.5722.2
Winmx Community 1  9/4/2012  
Zinio Reader 4 Zinio LLC 1/24/2012  4.2.4164
 

 

IE Startup:

 

Yes Extension Blog This Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
No Extension Lync Click to Call Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
No Extension Lync Click to Call Microsoft Corporation C:\Program Files\Microsoft Office\Office15\OCHelper.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Yes Extension PalTalk AVM Software Inc. C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
Yes Extension Send To Bluetooth  c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
Yes Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Yes Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
Yes Helper Bing Bar Helper Microsoft Corporation. "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
No Helper Lync Browser Helper Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
No Helper Lync Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office\Office15\OCHelper.dll
No Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
No Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL
No Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
No Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL
No Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
No Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Yes Toolbar Bing Bar Microsoft Corporation. "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
 

 

Please advise further as to what to do about the Eset scan.

Thank you

 



#6 buddy215

buddy215

  • BC Advisor
  • 12,911 posts
  • Gender:Male
  • Location:West Tennessee

Posted 12 January 2016 - 10:17 PM

Eset can take a long time and I do think it is necessary. You can let it run over night. You likely have a large volume of data or system resources are small or something else is using up resources. Suggest closing all programs before running.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\Michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BeatsOSDApp Hewlett-Packard  C:\Program Files\IDT\WDM\beats64.exe
Yes HKLM:Run HP Software Update Hewlett-Packard c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

Yes HKLM:Run PDF Complete PDF Complete Inc C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe

Yes HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE

Yes Startup User GigaTribe.lnk Gigatribe C:\Program Files (x86)\GigaTribe\gigatribe.exe
Yes Startup User PalTalk.lnk AVM Software Inc. C:\Program Files (x86)\Paltalk Messenger\paltalk.exe

 

Disable these Scheduled Tasks:

Yes Task {22A0C4FE-E719-4A80-AD06-6CF11D3BDFD3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Michael\Downloads\ASIO4ALL_2_11_Beta1_English.exe -d C:\Users\Michael\Downloads
Yes Task {50616899-3BF9-45AD-8F81-DC01CCB4545F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Documents\Exe and DLs\Cisco Systems\VPN Client\autoinstall.exe" -d "C:\Users\Michael\Documents\Exe and DLs\Cisco Systems\VPN Client"
Yes Task {5778B7CF-7D4A-4206-B06F-9A61D02F1C19} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Documents\Exe and DLs\ftop3.exe" -d "C:\Users\Michael\Documents\Exe and DLs"
Yes Task {79BD6A89-68BA-44B4-A789-072061F6879E} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
Yes Task {7B6FCCA2-9C23-4954-B4DC-CC52110E1653} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
Yes Task {CEF43000-9307-4123-8F41-1C6D13FE9796} Creative Technology Ltd C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe

Disable these IE Startups (suggest doing this in the IE settings; you can re-enable them easily if needed):

Yes Extension Blog This Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Yes Extension PalTalk AVM Software Inc. C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
Yes Extension Send To Bluetooth c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
Yes Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Yes Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
Yes Helper Bing Bar Helper Microsoft Corporation. "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
Yes Toolbar Bing Bar Microsoft Corporation. "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

Uninstall these programs:

Adobe AIR Adobe Systems Incorporated 1/24/2012 2.6.0.19120
Adobe Audition 1.5 Adobe Systems 4/17/2012 41.4 MB 1.5
Adobe Reader XI (11.0.08) Adobe Systems Incorporated 8/14/2014 182 MB 11.0.08 (Or Update...old Adobe programs are malware magnets)
Bing Bar Microsoft Corporation 1/24/2012 26.7 MB 7.0.826.0
Coupon Printer for Windows Coupons.com Incorporated 1/21/2015 5.0.1.4
Mozilla Firefox 25.0.1 (x86 en-US) Mozilla 11/23/2013 48.8 MB 25.0.1 (OR UPDATE...)
Mozilla Maintenance Service Mozilla 11/23/2013 221 KB 25.0.1
Skype Click to Call Microsoft Corporation 10/14/2015 13.1 MB 7.5.0.9082 (unless you actually click on phone numbers in ads)
Windows Live Essentials Microsoft Corporation 1/24/2012 15.4.3538.0513 (no longer supported)


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 matchead

matchead
  • Topic Starter
  • Members
  • 52 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 14 January 2016 - 08:58 PM

ok.... completed above instructions - started Eset again - let it run all night - and all day !!

19 hours.....over 3.7 million files scanned so far - 9 threats quarantined - and STILL only at 31% complete.  Had to stop it.  At this rate this scan will take a week to complete - that can't be right.....surely.

What am I doing wrong?



#8 buddy215

buddy215

  • BC Advisor
  • 12,911 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:49 PM

Posted 14 January 2016 - 11:25 PM

That's a lot of files....

You can post what Eset found. The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

Use the program below to scan.

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the malware scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries



#9 matchead

matchead
  • Topic Starter
  • Members
  • 52 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 15 January 2016 - 09:10 AM

Here is the Eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=init
# utc_time=2016-01-11 08:04:57
# local_time=2016-01-11 03:04:57 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27593
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=updated
# utc_time=2016-01-11 08:08:16
# local_time=2016-01-11 03:08:16 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# engine=27593
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-12 01:31:15
# local_time=2016-01-11 08:31:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14844310 204105725 0 0
# scanned=482568
# found=4
# cleaned=0
# scan_time=19378
sh=7FE85CA288356308F0C10A77788C87E0C58EFC26 ft=0 fh=0000000000000000 vn="LNK/Agent.BS trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk.xBAD"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\updated\browser\plugins\npMozCouponPrinter.dll"
sh=5350999DF55442D9C43D0F8E036F7724D8DEC513 ft=1 fh=5ff829a0c5b8153b vn="a variant of Win32/InstallCore.ACZ potentially unwanted application" ac=I fn="C:\Users\Michael\Documents\Exe and DLs\pal_install_iron_r132089.exe"
Update Init
Update Download
Update Finalize
Updated modules version: 27605
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=init
# utc_time=2016-01-13 03:51:01
# local_time=2016-01-13 10:51:01 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27626
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=updated
# utc_time=2016-01-13 03:51:56
# local_time=2016-01-13 10:51:56 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# engine=27626
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-14 01:24:08
# local_time=2016-01-13 08:24:08 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15016683 204278098 0 0
# scanned=1652972
# found=8
# cleaned=0
# scan_time=34331
sh=7FE85CA288356308F0C10A77788C87E0C58EFC26 ft=0 fh=0000000000000000 vn="LNK/Agent.BS trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk.xBAD"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=0B6D3B39782F41D55F38FE88B200144F29D3EE1F ft=1 fh=d10e7ff18f064936 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Program Files (x86)\Paltalk Messenger\ApnOC.dll"
sh=C98F041F2E590541BF58A4318E92C0617427A6CE ft=1 fh=f97637e090000e40 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Michael\Desktop\ccsetup513.exe"
sh=601240C34EA20E6F1B8BAED3A230BE68E82E88E0 ft=1 fh=2f29df1a3555f134 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\Exe and DLs\pal_install_beta.exe"
sh=1FF63730C0521622D05C7A859A787EA639B03E04 ft=1 fh=769305746a733880 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\Exe and DLs\pal_install_r132144.exe"
sh=FA174424FD41763CD308683F7275554838E11E72 ft=1 fh=87000b772ef0377e vn="a variant of MSIL/HackKMS.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\GigaTribe Downloads\matchead\Microsoft Office Professional Plus (x86) 2013 Incl  Activator  P2P\Microsoft Toolkit.exe"
sh=81882C4C93E73E091C3596101A9D44EBA599892B ft=1 fh=3b36a7fe5c950323 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\GigaTribe Downloads\matchead\SuperHideIP.3.2.4.8\SuperHideIP.3.2.4.8\SuperHideIP-3.2.4.8.Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=init
# utc_time=2016-01-14 06:17:57
# local_time=2016-01-14 01:17:57 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27635
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=updated
# utc_time=2016-01-14 06:18:39
# local_time=2016-01-14 01:18:39 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# engine=27635
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2016-01-15 01:30:18
# local_time=2016-01-14 08:30:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15103453 204364868 0 0
# scanned=3712426
# found=9
# cleaned=0
# scan_time=69099
sh=7FE85CA288356308F0C10A77788C87E0C58EFC26 ft=0 fh=0000000000000000 vn="LNK/Agent.BS trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk.xBAD"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=0B6D3B39782F41D55F38FE88B200144F29D3EE1F ft=1 fh=d10e7ff18f064936 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Program Files (x86)\Paltalk Messenger\ApnOC.dll"
sh=C98F041F2E590541BF58A4318E92C0617427A6CE ft=1 fh=f97637e090000e40 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Michael\Desktop\ccsetup513.exe"
sh=601240C34EA20E6F1B8BAED3A230BE68E82E88E0 ft=1 fh=2f29df1a3555f134 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\Exe and DLs\pal_install_beta.exe"
sh=1FF63730C0521622D05C7A859A787EA639B03E04 ft=1 fh=769305746a733880 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\Exe and DLs\pal_install_r132144.exe"
sh=FA174424FD41763CD308683F7275554838E11E72 ft=1 fh=87000b772ef0377e vn="a variant of MSIL/HackKMS.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\GigaTribe Downloads\matchead\Microsoft Office Professional Plus (x86) 2013 Incl  Activator  P2P\Microsoft Toolkit.exe"
sh=81882C4C93E73E091C3596101A9D44EBA599892B ft=1 fh=3b36a7fe5c950323 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Michael\Documents\GigaTribe Downloads\matchead\SuperHideIP.3.2.4.8\SuperHideIP.3.2.4.8\SuperHideIP-3.2.4.8.Setup.exe"
sh=634088CFF61A58D13C3EC5DE74F0C304665CFFF9 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHM trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\kgpsr[1].htm"

 

Running Emsisoft and Mini next.
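The ESET log above is easier to read as one summary line per run (files scanned, hours spent, throughput, what was found and whether anything was actually removed). The parser below is an added example, not code from the thread or from ESET; it assumes the layout visible in the posted log (runs start at `# product=EOS`, header lines are `# key=value`, detection lines are `sh=... vn="..." fn="..."`), and its embedded sample is a constructed, condensed copy of the posted log.

```python
"""Per-run summary of an ESET Online Scanner (EOS) log.

Added example for this thread, not code from ESET or from the forum. It
assumes the layout visible in the posted log: a run starts at '# product=EOS',
header lines are '# key=value', and a finished run ('# end=stopped') is
followed by one line per detection of the form
sh=<sha1> ft=<n> fh=<hex> vn="<name>" ac=<code> fn="<path>".
"""
import re
from typing import Dict, List

# Constructed, condensed version of the log posted above (two runs).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# EOSSerial=4b6bb7f0322d914c94d6c2a4922d05c5
# end=init
# utc_time=2016-01-14 06:17:57
Update Init
Update Finalize
# product=EOS
# engine=27635
# end=stopped
# remove_checked=false
# archives_checked=false
# unsafe_checked=true
# compatibility_mode_1=''
# scanned=3712426
# found=3
# cleaned=0
# scan_time=69099
sh=7FE85CA288356308F0C10A77788C87E0C58EFC26 ft=0 fh=0000000000000000 vn="LNK/Agent.BS trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk.xBAD"
sh=98BB61409B2A3729A81A418627847CA34750CDA1 ft=1 fh=c4a70072425fc364 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=634088CFF61A58D13C3EC5DE74F0C304665CFFF9 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHM trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\kgpsr[1].htm"
"""

# One key=value field of a detection line; quoted values may contain spaces.
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Paths under these markers were already isolated by an earlier FRST run.
QUARANTINE_MARKERS = ("\\frst\\quarantine\\", ".xbad")


def parse_eos_log(text: str) -> List[Dict]:
    """Split the log into runs: a header dict plus a list of detection dicts."""
    runs: List[Dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "# product=EOS":
            current = {"header": {}, "detections": []}
            runs.append(current)
        elif current is None:
            continue  # installer/updater chatter before the first run
        elif line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            current["header"][key] = value
        elif line.startswith("sh="):
            fields = {k: v.strip('"') for k, v in _FIELD_RE.findall(line)}
            current["detections"].append(fields)
    return runs


def classify(det: Dict) -> str:
    """Triage bucket from ESET's own wording in vn= and the location in fn=."""
    name = det.get("vn", "").lower()
    path = det.get("fn", "").lower()
    if any(marker in path for marker in QUARANTINE_MARKERS):
        return "already-quarantined"
    if "trojan" in name or "exploit" in name:
        return "malware"
    if "adware" in name or "potentially unwanted" in name or "potentially unsafe" in name:
        return "pup"
    return "other"


def summarise(runs: List[Dict]) -> List[Dict]:
    """Counts, throughput and triaged paths for every run that actually scanned."""
    out = []
    for run in runs:
        h = run["header"]
        if h.get("end") != "stopped":
            continue  # 'init' and 'updated' blocks carry no scan results
        scanned = int(h.get("scanned", 0))
        secs = int(h.get("scan_time", 0))
        buckets: Dict[str, List[str]] = {}
        for det in run["detections"]:
            buckets.setdefault(classify(det), []).append(det.get("fn", ""))
        out.append({
            "engine": h.get("engine"),
            "scanned": scanned,
            "found": int(h.get("found", 0)),
            "cleaned": int(h.get("cleaned", 0)),
            # remove_checked=false: the run only reported, it did not clean
            "remove": h.get("remove_checked") == "true",
            "hours": round(secs / 3600, 1),
            "files_per_sec": round(scanned / secs, 1) if secs else 0.0,
            "buckets": buckets,
        })
    return out


if __name__ == "__main__":
    for run in summarise(parse_eos_log(SAMPLE_LOG)):
        print(run["engine"], run["scanned"], run["hours"], run["files_per_sec"],
              {b: len(p) for b, p in run["buckets"].items()})
```

To use it on a real scan, read log.txt from the path given earlier in the thread and pass its contents to `parse_eos_log` instead of `SAMPLE_LOG`.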
 



#10 matchead

matchead
  • Topic Starter
  • Members
  • 52 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 15 January 2016 - 09:22 AM

Emsisoft log:

Emsisoft Emergency Kit - Version 10.0
Last update: 1/15/2016 9:15:12 AM
User account: Michael-HP\Michael

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 1/15/2016 9:17:16 AM
C:\Program Files (x86)\coupons  detected: Application.AppInstall (A)

Scanned 75299
Found 1

Scan end: 1/15/2016 9:20:16 AM
Scan time: 0:03:00

C:\Program Files (x86)\coupons Quarantined Application.AppInstall (A)

Quarantined 1



#11 matchead

matchead
  • Topic Starter
  • Members
  • 52 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 15 January 2016 - 09:26 AM

MiniToolBox log:

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Michael (administrator) on 15-01-2016 at 09:24:36
Running from "C:\Users\Michael\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: h8-1220 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Broadcom WLAN Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?E$ subinterface=ethernet_9 mtu=1477

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Michael-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-8E-2D-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom WLAN Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-8E-2D-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-D5-E3-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:b945:e00:119d:4af:c720:6a16(Preferred)
   Temporary IPv6 Address. . . . . . : 2607:fcc8:b945:e00:4197:47bf:480c:2fd9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::119d:4af:c720:6a16%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, January 15, 2016 8:34:43 AM
   Lease Expires . . . . . . . . . . : Friday, January 15, 2016 10:04:43 AM
   Default Gateway . . . . . . . . . : fe80::5665:deff:fe00:3ea7%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 273737033
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-B1-22-23-50-E5-49-D5-E3-19
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{DF142E93-FFB4-4B09-8121-D09AFE5B13D1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4A4E4F91-90B4-4D9C-962B-E6B6FA677C65}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{57B8CA96-F449-4911-AD8F-5784F106EF94}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4001:c06::8b
   74.125.193.101
   74.125.193.139
   74.125.193.100
   74.125.193.138
   74.125.193.113
   74.125.193.102

Pinging google.com [2607:f8b0:4001:c06::8b] with 32 bytes of data:
Reply from 2607:f8b0:4001:c06::8b: time=55ms
Reply from 2607:f8b0:4001:c06::8b: time=58ms

Ping statistics for 2607:f8b0:4001:c06::8b:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 58ms, Average = 56ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=63ms
Reply from 2001:4998:58:c02::a9: time=65ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 65ms, Average = 64ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...9c b7 0d 8e 2d fc ......Microsoft Virtual WiFi Miniport Adapter
 14...9c b7 0d 8e 2d fc ......Broadcom WLAN Adapter
 13...50 e5 49 d5 e3 19 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    266
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    266 ::/0                     fe80::5665:deff:fe00:3ea7
  1    306 ::1/128                  On-link
 13     18 2607:fcc8:b945:e00::/64  On-link
 13    266 2607:fcc8:b945:e00:119d:4af:c720:6a16/128
                                    On-link
 13    266 2607:fcc8:b945:e00:4197:47bf:480c:2fd9/128
                                    On-link
 13    266 fe80::/64                On-link
 13    266 fe80::119d:4af:c720:6a16/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****

Awaiting further instructions



#12 buddy215

buddy215

  • BC Advisor
  • 12,911 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:49 PM

Posted 15 January 2016 - 11:04 AM

Because of what Eset found I suggest you start a new topic in the Malware Removal Forum.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#13 matchead

matchead
  • Topic Starter
  • Members
  • 52 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 15 January 2016 - 12:34 PM

will do - thank you.



#14 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,762 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:49 PM

Posted 15 January 2016 - 01:03 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook



