Suspicious behaviour on laptop after visiting questionable websites


  • This topic is locked
18 replies to this topic

#1 The_Atomik_Punk!
Posted 06 June 2016 - 02:23 PM

As the title states, after visiting some potentially dangerous websites, my laptop is acting a little strange. I'm concerned that a trojan virus or the like may be capturing my data/passwords. I would greatly appreciate any assistance! Below is my generated FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Oracle (administrator) on ORACLE-PC (06-06-2016 15:14:36)
Running from C:\Users\Oracle\Desktop
Loaded Profiles: Oracle & UpdatusUser (Available Profiles: Oracle & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Avid Technology, Inc..) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Spotify Ltd) C:\Users\Oracle\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-16] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-10-02] (Avid Technology, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-03] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\...\Run: [Google Update] => C:\Users\Oracle\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-05-18] (Google Inc.)
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\...\Run: [Spotify Web Helper] => C:\Users\Oracle\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oracle\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-03-07]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{429065A0-468C-4207-BBD9-0979D4149EE9}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{793E525D-79A8-47BA-AADF-9F68A752430C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A45F9175-C762-4A88-9889-4DB3E60A42AF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-ca-e
HKU\S-1-5-21-1473783762-3503634554-1593080487-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-1473783762-3503634554-1593080487-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-1473783762-3503634554-1593080487-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-ca-e
HKU\S-1-5-21-1473783762-3503634554-1593080487-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-ca-e
SearchScopes: HKU\S-1-5-21-1473783762-3503634554-1593080487-1001 -> DefaultScope {FFC57204-6EB1-4E51-923E-436C5361A7B3} URL =
SearchScopes: HKU\S-1-5-21-1473783762-3503634554-1593080487-1001 -> {FFC57204-6EB1-4E51-923E-436C5361A7B3} URL =
SearchScopes: HKU\S-1-5-21-1473783762-3503634554-1593080487-1006 -> {FFC57204-6EB1-4E51-923E-436C5361A7B3} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1473783762-3503634554-1593080487-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Oracle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-1473783762-3503634554-1593080487-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Oracle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1473783762-3503634554-1593080487-1001: @talk.google.com/O1DPlugin -> C:\Users\Oracle\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1473783762-3503634554-1593080487-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Oracle\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1473783762-3503634554-1593080487-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Oracle\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Oracle\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oracle\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Disconnect - C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default\extensions\2.0@disconnect.me.xpi [2016-04-30]
FF Extension: HTTPS-Everywhere - C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default\extensions\https-everywhere@eff.org [2016-05-11]
FF Extension: FireShot - C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-06-04]
FF Extension: Bluhell Firewall - C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-20]
FF Extension: Adblock Plus - C:\Users\Oracle\AppData\Roaming\Mozilla\Firefox\Profiles\hq8w981r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Search) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Gmail) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 1999-12-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 MobilePreIIAudioDevMon; C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [1923592 2010-06-21] (M-Audio)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-04-08] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-07-23] (Qualcomm Atheros, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MAUSBMOBILEPREII; C:\Windows\System32\DRIVERS\MAudioMobilePreII.sys [484360 2010-06-21] (M-Audio)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-12-28] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-06-21] (NVIDIA Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-06 15:14 - 2016-06-06 15:15 - 00026043 _____ C:\Users\Oracle\Desktop\FRST.txt
2016-06-06 15:14 - 2016-06-06 15:14 - 00000000 ____D C:\FRST
2016-06-06 15:13 - 2016-06-06 15:13 - 02384896 _____ (Farbar) C:\Users\Oracle\Desktop\FRST64.exe
2016-06-06 14:53 - 2016-06-06 14:53 - 00001003 _____ C:\Users\Oracle\Desktop\JRT.txt
2016-06-06 14:43 - 2016-06-06 14:43 - 00000000 ___RD C:\Users\Oracle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-06 14:39 - 2016-06-06 14:39 - 03677248 _____ C:\Users\Oracle\Desktop\adwcleaner_5.119.exe
2016-05-29 19:41 - 2016-05-29 19:41 - 51777995 _____ C:\Users\Oracle\Downloads\DATING DEALBREAKER (Q&A).mp4
2016-05-23 23:22 - 2016-05-23 23:22 - 00194821 _____ C:\Users\Oracle\Documents\ODS-RaskolApparel-Proposal-05-21-16_encrypted_.pdf
2016-05-22 22:37 - 2016-05-23 20:22 - 00014546 _____ C:\Users\Oracle\Documents\Online Coaching Payments.ods
2016-05-20 21:10 - 2016-05-20 23:37 - 00011866 _____ C:\Users\Oracle\Documents\Topics With Jazz.odt
2016-05-20 21:05 - 2016-05-20 21:06 - 85048894 _____ C:\Users\Oracle\Downloads\CREATINE 101_ THE BASICS (Loading, Timing, Amount, Type, Best Creatine etc).mp4
2016-05-20 12:24 - 2016-05-20 12:24 - 00008700 _____ C:\Users\Oracle\Documents\Shirts For Mark Bell'.odt
2016-05-09 20:07 - 2016-05-09 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-06 14:50 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-06 14:50 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-06 14:49 - 2016-03-01 17:50 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1473783762-3503634554-1593080487-1001.job
2016-06-06 14:47 - 2009-07-14 01:13 - 00006214 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-06 14:45 - 2014-06-19 12:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-06 14:44 - 2015-11-18 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-06 14:43 - 2015-08-03 00:35 - 00000000 __SHD C:\Users\Oracle\IntelGraphicsProfiles
2016-06-06 14:43 - 2013-03-07 16:36 - 00000000 ____D C:\ProgramData\Bigfoot Networks
2016-06-06 14:43 - 2012-12-21 17:10 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-06-06 14:43 - 2012-12-21 17:10 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-06-06 14:43 - 2012-12-21 17:05 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-06-06 14:42 - 2014-06-19 12:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-06 14:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-06 14:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-06 14:41 - 2014-06-03 18:11 - 00000000 ____D C:\AdwCleaner
2016-06-06 14:39 - 2015-06-29 19:10 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473783762-3503634554-1593080487-1001UA.job
2016-06-06 14:11 - 2016-03-01 17:50 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1473783762-3503634554-1593080487-1001.job
2016-06-05 22:36 - 2015-08-03 00:27 - 00003242 _____ C:\Windows\System32\Tasks\Driver Downloader Schedule
2016-06-05 22:36 - 2015-08-03 00:27 - 00000000 ____D C:\Users\Oracle\AppData\Roaming\Driver Downloader
2016-06-03 12:24 - 2013-01-18 01:01 - 00000000 ____D C:\Users\Oracle\AppData\Local\ElevatedDiagnostics
2016-06-02 16:01 - 2012-12-28 20:41 - 00000000 ____D C:\Users\Oracle\AppData\Local\CrashDumps
2016-05-28 11:06 - 2009-07-14 01:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-26 20:39 - 2015-06-29 19:10 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473783762-3503634554-1593080487-1001Core.job
2016-05-26 19:57 - 2014-03-20 21:52 - 00000000 ____D C:\Users\Oracle\Documents\Raskol Apparel Designs
2016-05-25 15:46 - 2013-03-05 23:57 - 00000000 ____D C:\Users\Oracle\AppData\Roaming\Skype
2016-05-18 22:11 - 2016-03-01 17:50 - 00003694 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1473783762-3503634554-1593080487-1001
2016-05-18 22:11 - 2016-03-01 17:50 - 00003598 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1473783762-3503634554-1593080487-1001
2016-05-13 00:44 - 2016-01-01 21:44 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-13 00:44 - 2015-11-18 06:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 00:44 - 2012-12-21 16:38 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 00:44 - 2012-12-21 16:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 23:48 - 2013-04-08 12:54 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 23:48 - 2013-04-08 12:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-10 20:40 - 2014-06-19 12:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:40 - 2014-06-19 12:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:34 - 2015-06-29 19:10 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1473783762-3503634554-1593080487-1001UA
2016-05-10 20:34 - 2015-06-29 19:10 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1473783762-3503634554-1593080487-1001Core
2016-05-10 19:50 - 2012-12-28 19:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-09 16:00 - 2014-04-01 00:07 - 00027820 _____ C:\Users\Oracle\Documents\New Order Format With LaMar.odt
2016-05-09 15:33 - 2013-04-03 15:35 - 03151872 ___SH C:\Users\Oracle\Documents\Thumbs.db
2016-05-08 20:04 - 2013-01-22 11:32 - 00000000 ____D C:\Windows\Minidump

Some files in TEMP:
====================
C:\Users\Oracle\AppData\Local\Temp\libeay32.dll
C:\Users\Oracle\AppData\Local\Temp\msvcr120.dll
C:\Users\Oracle\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-29 16:36

==================== End of FRST.txt ============================

Attached File  Addition.txt   32.7KB   4 downloads





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 07 June 2016 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs > Programs and Features applet.
Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\Microsoft:d9tjnlSxKqfx98wE3ux [2492]
AlternateDataStreams: C:\ProgramData\Microsoft:SqBhRAhM4gQHjgc3biaC [2366]
AlternateDataStreams: C:\Users\Oracle\AppData\Local\Temp:Wigo4ELWYOOkFHVQnlAQl0S [2282]
AlternateDataStreams: C:\Users\Oracle\AppData\Local\ZZkQIzCAF6r5H:DXJYjS32PnLF9s2YlPMFCe [2378]
C:\Program Files (x86)\Driver Downloader
C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 07 June 2016 - 04:37 PM

Below is the fixlog.txt generated by FRST. I will mention, however, that upon opening FRST this time, a prompt appeared which stated something to the effect of "failed to update (5)".

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Oracle (2016-06-07 17:13:03) Run:1
Running from C:\Users\Oracle\Desktop
Loaded Profiles: Oracle & UpdatusUser (Available Profiles: Oracle & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\Microsoft:d9tjnlSxKqfx98wE3ux [2492]
AlternateDataStreams: C:\ProgramData\Microsoft:SqBhRAhM4gQHjgc3biaC [2366]
AlternateDataStreams: C:\Users\Oracle\AppData\Local\Temp:Wigo4ELWYOOkFHVQnlAQl0S [2282]
AlternateDataStreams: C:\Users\Oracle\AppData\Local\ZZkQIzCAF6r5H:DXJYjS32PnLF9s2YlPMFCe [2378]
C:\Program Files (x86)\Driver Downloader
C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Driver Downloader\DDTray.exe => No running process found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => not found.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
catchme => service removed successfully
C:\ProgramData\Microsoft => ":d9tjnlSxKqfx98wE3ux" ADS removed successfully.
C:\ProgramData\Microsoft => ":SqBhRAhM4gQHjgc3biaC" ADS removed successfully.
C:\Users\Oracle\AppData\Local\Temp => ":Wigo4ELWYOOkFHVQnlAQl0S" ADS removed successfully.
C:\Users\Oracle\AppData\Local\ZZkQIzCAF6r5H => ":DXJYjS32PnLF9s2YlPMFCe" ADS removed successfully.
"C:\Program Files (x86)\Driver Downloader" => not found.
"C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 480.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:13:39 ====

Below is the logfile generated by AdwCleaner:

# AdwCleaner v5.119 - Logfile created 07/06/2016 at 17:24:10
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Oracle - ORACLE-PC
# Running from : C:\Users\Oracle\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\SlimWare Utilities, Inc
[#] Folder Deleted : C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader
[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Users\Oracle\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Oracle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\Free Youtube Downloader.lnk
[-] File Deleted : C:\Users\Oracle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3467 bytes] - [06/06/2016 14:41:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [1675 bytes] - [07/06/2016 17:24:10]
C:\AdwCleaner\AdwCleaner[C4].txt - [13120 bytes] - [28/09/2015 17:54:37]
C:\AdwCleaner\AdwCleaner[R0].txt - [1102 bytes] - [03/06/2014 18:11:54]
C:\AdwCleaner\AdwCleaner[R1].txt - [1205 bytes] - [28/07/2014 18:48:59]
C:\AdwCleaner\AdwCleaner[R2].txt - [1258 bytes] - [08/08/2014 14:11:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1127 bytes] - [03/06/2014 18:12:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [6698 bytes] - [28/07/2014 18:49:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3607 bytes] - [08/08/2014 14:12:04]
C:\AdwCleaner\AdwCleaner[S4].txt - [12472 bytes] - [28/09/2015 17:53:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2334 bytes] ##########

Upon rebooting my laptop, I was prompted by my network monitoring program (Qualcomm Atheros Killer Network Manager) that something to the effect of "LFS not set. Would you like to reset?" This has been happening periodically ever since visiting that unsavory website, which is why I'm concerned there's something on my laptop trying to redirect my network data.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 08 June 2016 - 06:53 AM



(Qualcomm Atheros Killer Network Manager) that something to the effect of "LFS not set. Would you like to reset?"

This file is from a Linux operating system.

https://www.mail-archive.com/lfs-dev@lists.linuxfromscratch.org/msg01731.html

===

I have no experience with that operating system.

I suggest you get help from one of the helpers in the Linux forum.
http://www.bleepingcomputer.com/forums/f/11/linux-unix/

===

Do you have any other issues with this computer?

#5 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 08 June 2016 - 12:47 PM

(Qualcomm Atheros Killer Network Manager) that something to the effect of "LFS not set. Would you like to reset?"

This file is from a Linux operating system.

https://www.mail-archive.com/lfs-dev@lists.linuxfromscratch.org/msg01731.html

===

I have no experience with that Operating system.

I suggest you have help from one of the helpers in the Linux forum.
http://www.bleepingcomputer.com/forums/f/11/linux-unix/

===

Do you have any other issues with this computer?

I'm not sure what you mean by that file is from a Linux operating system; my OS is Win 7 64 bit, always has been. This is clearly evidenced by looking at the beginning of my AdwCleaner and FRST logs.

As I've already stated at the outset of my OP, I'm not sure if I do in fact have something that spread to my laptop after visiting a dangerous website, but I suspect I might given the initial flurry of pop-ups that appeared after going to said website. That's the entire reason that I was looking for a malware expert to check some logs and guide me through some diagnostic tests to make sure nothing did in fact take root, as this is my work laptop, and highly sensitive financial information is stored on it.

Are there any further diagnostics you would have me run to ensure that my data is secure, or are you satisfied from viewing my FRST and AdwCleaner logs?


Edited by The_Atomik_Punk!, 08 June 2016 - 12:48 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 09 June 2016 - 06:45 AM


LFS may come from a game you play or have played.
Not necessarily this one, but the page refers to LFS...

===

Run these tools and clean everything that will be identified.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take a while, so run it when you know you will not need the computer for an hour or two.
<<<>>>

#7 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 09 June 2016 - 07:40 PM

I'm sorry, I recollected incorrectly what was said on startup from my network program. I wrote it down this time: "The LSP was not mapped correctly. Would you like to re-map the LSP?"

Sorry about that, I was going from memory when I said LFS.

The link for the ESET scan doesn't seem to be working for me in IE; I simply cannot click on the scan button, or anything for that matter from the link.

Below is the generated AdwCleaner log:

# AdwCleaner v5.119 - Logfile created 09/06/2016 at 19:56:43
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Oracle - ORACLE-PC
# Running from : C:\Users\Oracle\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Oracle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3467 bytes] - [06/06/2016 14:41:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [2413 bytes] - [07/06/2016 17:24:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [996 bytes] - [09/06/2016 19:56:43]
C:\AdwCleaner\AdwCleaner[C4].txt - [13120 bytes] - [28/09/2015 17:54:37]
C:\AdwCleaner\AdwCleaner[R0].txt - [1102 bytes] - [03/06/2014 18:11:54]
C:\AdwCleaner\AdwCleaner[R1].txt - [1205 bytes] - [28/07/2014 18:48:59]
C:\AdwCleaner\AdwCleaner[R2].txt - [1258 bytes] - [08/08/2014 14:11:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1127 bytes] - [03/06/2014 18:12:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [6698 bytes] - [28/07/2014 18:49:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3607 bytes] - [08/08/2014 14:12:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1639 bytes] - [09/06/2016 19:55:34]
C:\AdwCleaner\AdwCleaner[S4].txt - [12472 bytes] - [28/09/2015 17:53:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1727 bytes] ##########


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 10 June 2016 - 08:18 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:

cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Is the problem persisting?

#9 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 10 June 2016 - 07:10 PM

Unfortunately the same message regarding LSP came up upon rebooting after running FRST. Below is the generated fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Oracle (2016-06-10 20:01:31) Run:2
Running from C:\Users\Oracle\Desktop
Loaded Profiles: Oracle & UpdatusUser (Available Profiles: Oracle & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
CloseProcesses:

cmd: netsh winsock reset catalog

End
*****************

Restore point was successfully created.
Processes closed successfully.

=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:01:52 ====

Am I right in fearing that a third party element on my computer may be trying to redirect my LSP?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 11 June 2016 - 06:44 AM

The Winsock may have been tampered with.

How is the computer running now?
Any issues?
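
A check that bears on the question above, added here as an example and not part of nasdaq's instructions or of the FRST/AdwCleaner tooling: a PowerShell script that inventories the Winsock catalog (the list that "netsh winsock reset catalog" rebuilds) and flags layered providers, provider DLLs outside system32, missing DLLs and unsigned DLLs, so the entries can be reviewed and kept as evidence before a reset wipes them. The function names are my own; it assumes an elevated PowerShell prompt on Windows 7 or later and the field names that "netsh winsock show catalog" prints.

```powershell
# Added example (not from the thread): inventory the Winsock catalog and flag
# entries worth a second look before running "netsh winsock reset catalog".
# Assumes Windows 7 or later and an elevated prompt; field names are the ones
# printed by "netsh winsock show catalog". Function names are hypothetical.

function Get-WinsockCatalogEntry {
    # netsh prints one "Key:   Value" block per provider; split on the block
    # headers (protocol and namespace entries) and keep those that carry a DLL path.
    $raw    = (& netsh winsock show catalog) -join "`n"
    $blocks = $raw -split '(?:Winsock Catalog|Name Space) Provider Entry' |
              Where-Object { $_ -match 'Provider Path' }
    foreach ($block in $blocks) {
        $fields = @{}
        foreach ($line in ($block -split "`n")) {
            if ($line -match '^\s*([A-Za-z ]+?):\s+(.*?)\s*$') {
                $fields[$Matches[1].Trim()] = $Matches[2]
            }
        }
        [pscustomobject]@{
            EntryType   = $fields['Entry Type']
            Description = $fields['Description']
            ProviderId  = $fields['Provider ID']
            Path        = [Environment]::ExpandEnvironmentVariables($fields['Provider Path'])
            CatalogId   = [int]$fields['Catalog Entry ID']
            ChainLength = [int]$fields['Protocol Chain Length']   # 1 for a base provider
        }
    }
}

function Test-WinsockEntry {
    param([Parameter(ValueFromPipeline=$true)] $Entry)
    process {
        $reasons = @()
        $sys32   = Join-Path $env:SystemRoot 'system32'

        # Layered providers (and chains through them) are where third-party
        # code hooks socket traffic; the built-in base providers have chain length 1.
        if ($Entry.EntryType -like 'Layered*' -or $Entry.ChainLength -ne 1) {
            $reasons += 'layered provider / protocol chain'
        }
        if (-not $Entry.Path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "DLL outside $sys32"
        }
        if (-not (Test-Path -LiteralPath $Entry.Path)) {
            # A catalog entry whose DLL is gone is what produces an
            # "LSP was not mapped correctly" style prompt at startup.
            $reasons += 'provider DLL missing'
        } else {
            # Caveat: on Windows 7's PowerShell 2.0, catalog-signed Windows DLLs
            # report NotSigned, so treat this as a hint, not proof.
            $sig = Get-AuthenticodeSignature -FilePath $Entry.Path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }
        [pscustomobject]@{
            CatalogId   = $Entry.CatalogId
            Suspicious  = ($reasons.Count -gt 0)
            Description = $Entry.Description
            Path        = $Entry.Path
            Reasons     = ($reasons -join '; ')
        }
    }
}

# Review suspicious entries first; save the full table before any reset.
Get-WinsockCatalogEntry | Test-WinsockEntry |
    Sort-Object Suspicious -Descending |
    Format-Table CatalogId, Suspicious, Description, Path, Reasons -AutoSize
```

Pipe the result to Export-Csv instead of Format-Table if the list is to be posted or kept for later comparison with the catalog after the reset.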

#11 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 14 June 2016 - 03:16 PM

Well, in terms of obvious issues, there appear to be none superficially, save for the LSP change prompt upon Windows startup every few laptop boot-ups, which has not seemed to resolve itself.

Does this issue warrant further diagnostics in your opinion? Is my data secure?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 15 June 2016 - 07:53 AM


Download and run the fix from Microsoft
https://support.microsoft.com/en-ca/kb/299357

Under this heading.
For Windows 8.1, Windows 8, Windows RT, Windows 7, Windows Server 2012R2, Windows Server 2012, Windows Server 2008 R2

===

RESTART the computer normally when completed.

Keep me posted.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 21 June 2016 - 12:49 PM

This topic has been re-opened at the request of the person who originally posted.

#14 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 21 June 2016 - 08:15 PM

This topic has been re-opened at the request of the person who originally posted.

Thank you for the continued assistance, nasdaq.

I ran the fix from that link you provided, and everything appears nominal. Are there any final diagnostics that you'd recommend I run, or do you think I may be in the clear now regarding anything malicious on my laptop?



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 22 June 2016 - 07:21 AM

One last check.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===