
Still infected? Removed tons of malware, but suspect there's more.


29 replies to this topic

#1 bwv848 (Bleepin' Owl, BSOD Kernel Dump Expert)

Posted 31 July 2016 - 10:03 PM

Hi, everyone,

I've been trying to clean out a HP desktop computer which is infested with malware. For some reason, my brother or a program uninstalled Avast Free Antivirus.

With the help of Adwcleaner, MalwareBytes Anti-Malware, avast!, ESET online scanner, Spybot — Search & Destroy, Emsisoft Emergency Kit, Bazooka Adware and Spyware Scanner, and HitmanPro, I've removed over twenty infected files and folders, malicious registry keys, tracking cookies, and malicious files. Most are PUPs and adware, but Avast found a Trojan which Microsoft Security Essentials detected when it was transferred to Avast's temp folder.

I also tried scanning with Zemana AntiMalware, which couldn't install, and TrendMicro Housecall, which stalled at 28%. The thing is, I tried scanning with ESET again yesterday, and it found four infected files. However, I couldn't remove them or even see what they were as the program stopped responding (tried twice). I then deleted ESET from my Downloads folder.

Also, I notice the computer is VERY slow. I know it has been slow ever since we bought it, but it's much worse now. I looked at this article, followed most of the instructions except dusting the inside of the computer.

One more thing — sometimes when I turn on the computer, I get a strange error message something like: "Windows can't open up this file". That applies to all files (including EXEs). A restart solves it. (I apologize for not taking a picture of the message!)

Would someone please help me make sure the computer is no longer infected? If you would like, I can attach the logs. (I'm not sure whether I should be posting them here.)

Thank you!

Computer specifications:

Model: HP p6536f connected to a HP 2310m monitor

Operating system: Windows 7 Home Premium (64-bit)
 
Processor: Intel Pentium

HD size: 1 terabyte

System memory: 7 GB


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)




#2 buddy215 (Moderator)

Posted 01 August 2016 - 05:06 AM

Welcome to BC....

 

Start by uninstalling all the programs you mentioned above except MBAM and Microsoft Essentials. Use Download Revo Uninstaller Freeware to uninstall.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 bwv848 (Topic Starter)

Posted 01 August 2016 - 11:47 AM

Thank you, buddy215! I haven't done any work yet, but I will do some (hopefully) this afternoon.




#4 bwv848 (Topic Starter)

Posted 01 August 2016 - 01:59 PM

O.K., here are the logs you requested: ☺

******************************************************************************

Windows Startups

Yes    HKCU:Run    GlassWire    SecureMix LLC    "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
No    HKCU:Run    Google Update        "C:\Users\Bears\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes    HKCU:Run    HPAdvisorDock        C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
Yes    HKCU:Run    WinPatrol    Ruiware LLC    C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
Yes    HKLM:Run    @OnlineArmor GUI    Emsi Software GmbH    "C:\Program Files (x86)\Online Armor\OAui.exe"
Yes    HKLM:Run    Adobe Reader Speed Launcher    Adobe Systems Incorporated    "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes    HKLM:Run    EMET Agent    Microsoft Corporation    "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe"
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
No    HKLM:Run    HP Software Update    Hewlett-Packard    c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    hpsysdrv    Hewlett-Packard    c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    LWS    Logitech Inc.    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
Yes    HKLM:Run    lxdxamon    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe"
Yes    HKLM:Run    lxdxmon.exe    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"
Yes    HKLM:Run    MSC    Microsoft Corporation    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes    HKLM:Run    SmartMenu    Hewlett-Packard Company    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    Startup Common    HotSync Manager.lnk        C:\Users\owls\HOTSYNC.EXE
Yes    Startup Common    Microsoft Office.lnk    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
Yes    Startup Common    PictureMover.lnk    Hewlett-Packard Company    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

******************************************************************************

Scheduled Tasks

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    SafeZone scheduled Autoupdate 1469474360    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes    Task    {32676462-CCF3-4742-B1A2-E696691C3252}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.10.0.115/en/abandoninstall?page=tsProgressBar
Yes    Task    {95AB63CD-711A-4AE3-8C68-1895548EDDA9}        C:\Program Files (x86)\Skype\\Phone\Skype.exe

******************************************************************************

Programs installed on my computer

Adobe Flash Player 21 NPAPI    Adobe Systems Incorporated    4/22/2016    19.0 MB    21.0.0.213
Adobe Reader 8.1.1    Adobe Systems Incorporated    11/26/2010    126 MB    8.1.1
Apple Application Support    Apple Inc.    2/11/2013    64.9 MB    2.3.2
Apple Mobile Device Support    Apple Inc.    2/11/2013    25.1 MB    6.0.1.3
Apple Software Update    Apple Inc.    8/16/2011    2.38 MB    2.1.3.127
Audacity 2.0    Audacity Team    5/10/2012    42.1 MB    
Avast Free Antivirus    AVAST Software    7/25/2016        12.1.2272
Bamboo    Wacom Technology Corp.    7/29/2011        5.2.4-6
Bonjour    Apple Inc.    9/20/2012    2.00 MB    3.0.0.10
Bullzip PDF Printer 7.1.0.1218    Bullzip    11/28/2010    8.83 MB    7.1.0.1218
CCleaner    Piriform    8/1/2016        5.20
CinemaNow Media Manager    CinemaNow, Inc.    6/28/2010    8.79 MB    1.9.1.105
Compatibility Pack for the 2007 Office system    Microsoft Corporation    10/11/2013    180 MB    12.0.6612.1000
CyberLink DVD Suite Deluxe    CyberLink Corp.    6/28/2010    36.5 MB    7.0.2712
doPDF 7.2 printer    Softland    10/6/2011    13.5 MB    
DVD Menu Pack for HP MediaSmart Video    Hewlett-Packard    6/28/2010    101 MB    4.0.3715
e-Sword    Rick Meyers    2/18/2012    73.5 MB    10.00.0007
EMET 4.0    Microsoft    10/1/2013    96.2 MB    4.0
GlassWire 1.2 (remove only)    SecureMix LLC    7/31/2016        1.2.71
GPL Ghostscript Lite 8.70        11/28/2010    12.8 MB    
Grandmaster Challenge        2/25/2012        1
Hardware Diagnostic Tools    PC-Doctor, Inc.    6/29/2010        6.0.5418.39
Homeschool Tracker Plus    TGHomeSoft    8/27/2011    25.4 MB    6.2.3
HP Games    WildTangent    6/29/2010        1.0.0.80
HP MediaSmart CinemaNow 2.0    Hewlett-Packard    6/29/2010    90.8 MB    2.0
HP MediaSmart DVD    Hewlett-Packard    6/28/2010    96.9 MB    4.0.3902
HP MediaSmart Music    Hewlett-Packard    6/28/2010    74.3 MB    4.0.3910
HP MediaSmart Photo    Hewlett-Packard    6/28/2010    223 MB    4.0.3911
HP MediaSmart SmartMenu    Hewlett-Packard    6/28/2010    2.02 MB    3.1.1.12
HP MediaSmart Video    Hewlett-Packard    6/28/2010    267 MB    4.0.3911
HP MediaSmart/TouchSmart Netflix    Hewlett-Packard    6/28/2010    9.61 MB    1.0.2.0
HP Odometer    Hewlett-Packard    6/28/2010    48.0 KB    2.10.0000
HP Setup    Hewlett-Packard    6/28/2010        1.2.4048.3310
HP Support Assistant    Hewlett-Packard    12/1/2010    20.9 MB    4.4.6.3
HP Support Information    Hewlett-Packard    6/28/2010    160 KB    10.1.0002
HP Update    Hewlett-Packard    6/28/2010    2.97 MB    5.002.003.003
Intel® Graphics Media Accelerator Driver    Intel Corporation    6/29/2010        8.15.10.2040
iTunes    Apple Inc.    2/11/2013    191 MB    11.0.1.12
Java 8 Update 31 (64-bit)    Oracle Corporation    2/14/2015    86.0 MB    8.0.310
LabelPrint    CyberLink Corp.    6/28/2010    230 MB    2.5.2610
LAME v3.99.3 (for Windows)        5/10/2012    1.52 MB    
Lexmark 3600-4600 Series    Lexmark International, Inc.    11/26/2010        
LightScribe System Software    LightScribe    6/28/2010    24.0 MB    1.18.11.1
Logitech Webcam Software    Logitech Inc.    2/12/2011        2.0
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    7/25/2016    66.8 MB    2.2.1.1043
Medialink MWN-USB150N    Medialink    2/11/2011        1.00.0000
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    4/26/2013    38.8 MB    4.0.30319
Microsoft .NET Framework 4 Extended    Microsoft Corporation    4/26/2013    51.9 MB    4.0.30319
Microsoft Office 2000 Small Business    Microsoft Corporation    11/26/2010    118 MB    9.00.2720
Microsoft Office PowerPoint Viewer 2007 (English)    Microsoft Corporation    10/11/2013    131 MB    12.0.6612.1000
Microsoft Security Essentials    Microsoft Corporation    1/16/2011        2.0.657.0
Microsoft Silverlight    Microsoft Corporation    2/14/2015    199 MB    5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    6/28/2010    1.72 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    4/27/2013    298 KB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    6/28/2010    708 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    6/28/2010    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    6/28/2010    788 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    4/27/2013    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    6/28/2010    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    6/28/2010    596 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/27/2013    600 KB    9.0.30729.6161
Microsoft Works    Microsoft Corporation    4/27/2013    166 MB    9.7.0621
Movie Theme Pack for HP MediaSmart Video    Hewlett-Packard    6/28/2010    429 MB    4.0.3715
MozBackup 1.4.10    Pavel Cvrcek    11/26/2010        
Mozilla Firefox 47.0.1 (x86 en-US)    Mozilla    7/25/2016    104 MB    47.0.1
Mozilla Maintenance Service    Mozilla    7/25/2016    341 KB    47.0.1.6018
Mozilla Thunderbird 17.0.6 (x86 en-US)    Mozilla    5/16/2013    43.0 MB    17.0.6
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    12/3/2010    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    12/3/2010    1.33 MB    4.20.9876.0
NJStar Chinese Word Processor        11/29/2010        
Online Armor 4.5    Emsi Software GmbH    11/27/2010    56.8 MB    4.5
OpenDNS Updater 2.2.1        10/8/2013        2.2.1
OpenOffice.org 3.2    OpenOffice.org    11/26/2010    367 MB    3.2.9502
Palm Desktop        1/6/2011        
PhotoNow!    CyberLink Corp.    6/28/2010    34.2 MB    1.1.6904
Picasa 3    Google, Inc.    11/27/2010        3.8
PictureMover    Hewlett-Packard Company    6/28/2010    50.8 MB    3.3.1.19
PlayReady PC Runtime amd64    Microsoft Corporation    6/28/2010    2.05 MB    1.3.0
Power2Go    CyberLink Corp.    6/28/2010    173 MB    6.1.3810
PowerDirector    CyberLink Corp.    6/28/2010    796 MB    8.0.2704
QuickTime    Apple Inc.    2/11/2013    73.1 MB    7.73.80.64
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    6/28/2010        6.0.1.6053
Revo Uninstaller 1.95    VS Revo Group    8/1/2016        1.95
Sophos Free Encryption 2.40.1    Sophos    12/4/2010    3.82 MB    2.40.1.1
TomTom HOME    TomTom    3/16/2013    48.9 MB    2.9.4
TomTom HOME Visual Studio Merge Modules    TomTom International B.V.    11/26/2010    1.88 MB    1.0.2
TP-LINK Wireless Client Utility    TP-LINK    3/16/2013        7.0
WebTablet IE Plugin    Wacom Technology Corp.    7/29/2011        1.1.0.7
WebTablet Netscape Plugin    Wacom Technology Corp.    7/29/2011        1.1.0.5
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)    FTDI    12/2/2010        02/17/2009 2.04.16
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)    FTDI    12/2/2010        02/17/2009 2.04.16
Windows Live Essentials    Microsoft Corporation    4/26/2013        16.4.3505.0912
Windows Live Sync    Microsoft Corporation    6/28/2010    2.78 MB    14.0.8089.726
WinPatrol    Ruiware    7/26/2016    2.92 MB    33.1.2015.0
WinZip    WinZip Computing, Inc.    11/26/2010         8.1  (4331)

******************************************************************************

Security Check Log

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 01.08.2016 14:37:01
Path starting: C:\Users\owls\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: owls
VersionXML: 3.26is-29.07.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 26.11.2010 21:37:19
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [920.1 Gb] Used: [181.5 Gb] Free: [738.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.16721 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic Updates disabled
Date install updates: 2013-10-12 03:02:20
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Online Armor Firewall (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.2.0.657.0
Avast Free Antivirus v.12.1.2272
GlassWire 1.2 (remove only) v.1.2.71
Online Armor 4.5 v.4.5 Warning! This software is no longer supported. Please uninstall it and use another software.
Sophos Free Encryption 2.40.1 v.2.40.1.1
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
WinPatrol v.33.1.2015.0
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.30514.0 Warning! Download Update
Picasa 3 v.3.8 Warning! This software is no longer supported.
OpenOffice.org 3.2 v.3.2.9502 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 31 (64-bit) v.8.0.310 Warning! Download Update
Uninstall old version and install new one (jre-8u102-windows-x64.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.11.0.1.12 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.73.80.64 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 21 NPAPI v.21.0.0.213 Warning! Download Update
Adobe Reader 8.1.1 v.8.1.1 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 47.0.1 (x86 en-US) v.47.0.1
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 17.0.6 (x86 en-US) v.17.0.6 Warning! Download Update
Windows Live Mail v.16.4.3505.0912
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.1.6018
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.12.1.3076.0
C:\Program Files\AVAST Software\Avast\avastui.exe v.12.1.3076.6
Online Armor Helper Service (OAcat) - The service is running
C:\Program Files (x86)\Online Armor\oacat.exe v.4.5.1.431
Online Armor (SvcOnlineArmor) - The service has stopped
C:\Program Files (x86)\GlassWire\GlassWire.exe v.1.2.71.0
C:\Program Files (x86)\GlassWire\GWIdlMon.exe v.1.2.71.0
GlassWire Control Service (GlassWire) - The service is running
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe v.1.2.71.0
McAfee Validation Trust Protection Service (mfevtp) - The service has stopped
Microsoft Antimalware Service (MsMpSvc) - The service is running
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe v.3.0.8107.0
Microsoft Network Inspection (NisSrv) - The service is running
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe v.3.0.8107.0
Windows Defender (WinDefend) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
FATE v.2.2.0.82 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Jewel Quest Solitaire 2 v.2.2.0.82 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------


******************************************************************************

O.K., some important things to mention:

1. Thank you for your help!

2. I did not uninstall avast! yet because Microsoft Security Essentials is half-functioning. The virus definitions won't update. I get this error message when I attempt to do so manually. Also, real-time protection is disabled when I start up the computer. I have to manually turn it on. Would you still like me to uninstall avast?

3. I've disabled Online Armor because it clogs the CPU. And Emsisoft warned that they've stopped updating definitions. May I remove it? (I've enabled Windows firewall and am currently using Glasswire Firewall. I know — it's not good to use two.)

4. I uninstalled Bazooka, but I didn't uninstall HitmanPro, or the Emsisoft Emergency Kit, etc. because I couldn't see them there in Revo Uninstaller. Would you like me to uninstall them too?

5. Should I delete the PUPs in MalwareBytes quarantine?

6. My brother must have installed Jewel Quest Solitaire. :-(

 

7. I did not get CCleaner to remove the avast! and WinPatrol data. Will you need the logs?

 

 

 


Edited by bwv848, 01 August 2016 - 03:06 PM.

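buddy215 asked for the CCleaner Windows Startups and Scheduled Tasks lists above so they can be reviewed by eye. The script below is an added example, not code from this thread, from BleepingComputer or from Piriform: it parses such a pasted list and flags the entries a responder normally checks first (no publisher recorded, a program running from a user profile or temp folder, a GUID-named scheduled task, and a task that launches a browser to a URL, like the Skype "abandoninstall" task in the list). The sample input is constructed from a few of the lines posted above, re-encoded with the tabs CCleaner uses when copying to the clipboard; the heuristics and all function names are my own.

```python
"""Triage a CCleaner 'Windows Startups' / 'Scheduled Tasks' export.

CCleaner's Tools > Startups page copies each entry as five tab-separated
columns: Enabled, Key, Program, Publisher, Command.  This added script
parses such an export and flags the entries a responder would inspect
first.  The heuristics are this example's own, not CCleaner's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a handful of the entries posted in the thread,
# re-encoded with tabs the way CCleaner copies them to the clipboard.
SAMPLE_EXPORT = "\n".join([
    'Yes\tHKCU:Run\tGlassWire\tSecureMix LLC\t"C:\\Program Files (x86)\\GlassWire\\glasswire.exe" -hide',
    'No\tHKCU:Run\tGoogle Update\t\t"C:\\Users\\Bears\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c',
    'Yes\tHKCU:Run\tHPAdvisorDock\t\tC:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\DOCK\\HPAdvisorDock.exe',
    'Yes\tHKLM:Run\tMSC\tMicrosoft Corporation\t"c:\\Program Files\\Microsoft Security Client\\msseces.exe" -hide -runkey',
    'Yes\tStartup Common\tHotSync Manager.lnk\t\tC:\\Users\\owls\\HOTSYNC.EXE',
    'Yes\tTask\tCCleanerSkipUAC\tPiriform Ltd\t"C:\\Program Files\\CCleaner\\CCleaner.exe" $(Arg0)',
    'Yes\tTask\t{32676462-CCF3-4742-B1A2-E696691C3252}\tMozilla Corporation\t'
    '"c:\\program files (x86)\\mozilla firefox\\firefox.exe" http://ui.skype.com/ui/0/5.10.0.115/en/abandoninstall?page=tsProgressBar',
    'Yes\tTask\t{95AB63CD-711A-4AE3-8C68-1895548EDDA9}\t\tC:\\Program Files (x86)\\Skype\\\\Phone\\Skype.exe',
])

GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
USER_LOCATION_RE = re.compile(r"\\users\\|\\temp\\|%appdata%|%temp%", re.I)
URL_ARG_RE = re.compile(r"\s(https?://\S+)", re.I)
BROWSERS = ("firefox.exe", "chrome.exe", "iexplore.exe")


@dataclass
class Autorun:
    enabled: bool
    key: str          # HKCU:Run, HKLM:Run, Startup Common, Task, ...
    program: str
    publisher: str
    command: str
    findings: list[str] = field(default_factory=list)


def parse_export(text: str) -> list[Autorun]:
    """Parse the pasted list; accepts tab separators or runs of four spaces
    (what the tabs turn into when the list is pasted into a forum post)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        cols = re.split(r"\t| {4}", raw.rstrip())
        if len(cols) < 5:
            raise ValueError(f"expected 5 columns, got {len(cols)}: {raw!r}")
        enabled, key, program, publisher = (c.strip() for c in cols[:4])
        command = " ".join(cols[4:]).strip()
        entries.append(Autorun(enabled == "Yes", key, program, publisher, command))
    return entries


def executable(command: str) -> str:
    """Return the program path from a command line, quoted or not."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the extension.
    m = re.match(r"(.+?\.(?:exe|lnk|com|bat|cmd|vbs|js))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(entry: Autorun) -> Autorun:
    """Attach a note for each heuristic the entry trips."""
    exe = executable(entry.command)
    if not entry.publisher:
        entry.findings.append("no publisher recorded: check the file's signature by hand")
    if USER_LOCATION_RE.search(exe):
        entry.findings.append("runs from a user profile or temp location, not Program Files")
    if entry.key == "Task" and GUID_NAME_RE.match(entry.program):
        entry.findings.append("GUID-named task: usually installer-created, confirm what created it")
    url = URL_ARG_RE.search(entry.command)
    if url and exe.lower().endswith(BROWSERS):
        entry.findings.append(f"launches a browser to {url.group(1)}")
    return entry


def flagged(text: str) -> dict[str, list[str]]:
    """Map each flagged program name to the reasons it was flagged."""
    return {e.program: e.findings for e in map(triage, parse_export(text)) if e.findings}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_EXPORT).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

A flag here is a prompt to look, not a verdict: the HP Advisor dock and the Palm HotSync launcher are flagged only because the export records no publisher for them, while the Skype task stands out because a scheduled task that opens a browser to a vendor URL is exactly the kind of leftover worth disabling, as buddy215 advises in the next post.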


#5 buddy215 (Moderator)

Posted 01 August 2016 - 03:24 PM

According to the Security scan...Avast is installed. Run its uninstaller and if necessary use Avast Uninstall Utility | Download aswClear for Avast Removal

 

I think it best to uninstall all firewalls. Windows 7 firewall is very good. You likely have another active firewall if you are using a router and its firewall has been activated.

 

Uninstall Emsisoft.

 

Did either MBAM or AdwCleaner find and remove FATE v.2.2.0.82?

 

Uninstall these programs:

Microsoft Silverlight v.5.1.30514.0

Adobe Reader 8.1.1 v.8.1.1

QuickTime v.7.73.80.64

Bonjour v.3.0.0.10

Java 8 Update 31 (64-bit) v.8.0.310

HP Games    WildTangent    6/29/2010        1.0.0.80

Hardware Diagnostic Tools    PC-Doctor, Inc.    6/29/2010        6.0.5418.39

 

If you were asking if it was okay to allow CCleaner to clean WinPatrol...yes, it is okay.

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    SafeZone scheduled Autoupdate 1469474360    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes    Task    {32676462-CCF3-4742-B1A2-E696691C3252}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.10.0.115/en/abandoninstall?page=tsProgressBar
Yes    Task    {95AB63CD-711A-4AE3-8C68-1895548EDDA9}        C:\Program Files (x86)\Skype\\Phone\Skype.exe

 

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    GlassWire    SecureMix LLC    "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide

Yes    HKCU:Run    HPAdvisorDock        C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe

Yes    HKLM:Run    @OnlineArmor GUI    Emsi Software GmbH    "C:\Program Files (x86)\Online Armor\OAui.exe"
Yes    HKLM:Run    Adobe Reader Speed Launcher    Adobe Systems Incorporated    "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

Yes    HKLM:Run    lxdxamon    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe"
Yes    HKLM:Run    lxdxmon.exe    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"

Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Yes    Startup Common    PictureMover.lnk    Hewlett-Packard Company    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe



#6 bwv848 (Topic Starter)

Posted 01 August 2016 - 04:34 PM

Alright, completed all your instructions, thanks!

A few things to note:

1. When you say Emsisoft, do you mean the Emsisoft Emergency Kit or Online Armor? :-) I've uninstalled Online Armor.

2. When I uninstalled Adobe Reader, Avast, and Quicktime with Revo, I didn't delete any registry keys. I'm concerned that if I delete the wrong ones, I could make the computer un-bootable. However, I do have screenshots, so if you would like me to go in to the Registry Editor I can.

3. PC Doctor came with the computer. It's supposed to diagnose hardware issues. I don't think it's the other malicious PC doctor, but I may be wrong. :wink:  Should I get rid of it?

4. Adwcleaner and MBAM didn't detect FATE or Jewel Quest Solitaire because they came with WildTangent games.

5. I disabled the Logitech Webcamera from startup. I don't use the webcam. Also, I left GlassWire in startup because I like to see what my computer is connecting to. Anyway, I disabled the GlassWire firewall.
 
6. You're absolutely correct about firewalls. We're using Verizon, so it should be relatively safe.

OK, the three most important things!

a. Am I still infected? I still think I am for some reason.

b. Will it ever be safe to shop online, pay bills, and do banking on the computer anymore? I heard that some Trojans like Osram (avast detected it) leave your computer vulnerable forever, unless you format the hard-disk and then reinstall Windows.

c. I am most concerned using the internet without an antivirus. I've uninstalled avast, but shouldn't I replace it with something else?
 
Thank you again!
 
EDIT: Actually I was wrong. I forgot that MSE was an antivirus. But I don't trust it since it's from Microsoft. :-) Should I uninstall it and install another antivirus from the recommendations here? Also, the computer is SUPER fast now.


Edited by bwv848, 01 August 2016 - 05:03 PM.



#7 buddy215 (Moderator)

Posted 01 August 2016 - 05:52 PM

Looks like something has been accomplished...re super fast!

Remove both Armor and Emsisoft. Uninstall that useless program and possible spyware....PC DOCTOR

 

Try using the Eset Online scanner. Hopefully the registry entries you did not remove using Revo won't interfere.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#8 bwv848 (Topic Starter)


Posted 01 August 2016 - 08:43 PM

I removed PC Doctor via the Control Panel (Revo or CCleaner couldn't uninstall it because it was not detected). Should I get rid of the other HP stuff I don't need?

 

ESET removed these files:

 

C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WE5JTDQI\CnetInstaller[1] a variant of Win32/WinWrapper.B potentially unwanted application cleaned by deleting
C:\Users\Bears\Downloads\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application deleted
C:\Users\owls\Downloads\ccsetup520.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6D0EBFE2_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6F98DC9C_stp\HardwareInfoLib.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting

 

I apologize for not posting the log. I thought it was in the Temp folder because when I first used ESET on July 29th the logs were there. (Anyway, this seems like a different version of ESET Online Scanner.) I then did further research after I shut down the computer for the night and realized that the logs are in the ProgramData folder. I will try to post them tomorrow. (Can't do it tonight.)

 

Also why did CCleaner install a Google toolbar? I made sure to uncheck "Make Google Chrome my Default Browser" as that was the only thing I found that wasn't wanted.

 

What's the next step? Scanning with more malware scanners? Thank you!

 

 




#9 buddy215 (Moderator)


Posted 01 August 2016 - 09:09 PM

ESET found the installer for the Google Toolbar in the download of CCleaner. You denied its install...had you not denied it...it would have installed.

 

Unless you see some other problem....I think you are good to go.

 

Suggestions...Since you use Firefox and if you don't have an ad blocker...I suggest you install Adblock Plus.

Adblock Plus :: Add-ons for Firefox

 

Block third-party cookies...also known as ad/tracking cookies...from installing in Firefox. Once they are blocked from installing....run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers

 

Any of these you don't use you can uninstall.

Program    Publisher    Installed    Size    Version
HP MediaSmart CinemaNow 2.0    Hewlett-Packard    6/29/2010    90.8 MB    2.0
HP MediaSmart DVD    Hewlett-Packard    6/28/2010    96.9 MB    4.0.3902
HP MediaSmart Music    Hewlett-Packard    6/28/2010    74.3 MB    4.0.3910
HP MediaSmart Photo    Hewlett-Packard    6/28/2010    223 MB    4.0.3911
HP MediaSmart SmartMenu    Hewlett-Packard    6/28/2010    2.02 MB    3.1.1.12
HP MediaSmart Video    Hewlett-Packard    6/28/2010    267 MB    4.0.3911
HP MediaSmart/TouchSmart Netflix    Hewlett-Packard    6/28/2010    9.61 MB    1.0.2.0
HP Odometer    Hewlett-Packard    6/28/2010    48.0 KB    2.10.0000
HP Setup    Hewlett-Packard    6/28/2010        1.2.4048.3310
HP Support Assistant    Hewlett-Packard    12/1/2010    20.9 MB    4.4.6.3
HP Support Information    Hewlett-Packard    6/28/2010    160 KB    10.1.0002
HP Update    Hewlett-Packard    6/28/2010    2.97 MB    5.002.003.003



#10 bwv848 (Topic Starter)


Posted 01 August 2016 - 09:48 PM

Thank you! I installed Adblock Plus and added some custom lists such as Spam404, Disable Malware, etc. when I first started to clean the computer a few days ago. I DETEST ads. 

I will uninstall the HP programs I don't use, and block third-party cookies tomorrow. (I already use Self-Destructing Cookies.) Also, as I said in a previous post, I would like to get another antivirus and disable MSE. In my experience, MSE has detected malware on my computer, but only when it's already on my computer: it doesn't block it from downloading. Also, it doesn't block malicious sites. Between Sophos Home Free Antivirus and Bitdefender Antivirus Free Edition, which would you choose?

 

One more thing: is it safe to make backups of files? Will malware transfer to my portable HDD? I already have backups of most of my pictures and documents, but they're in an inconvenient location and I would like one more copy of them.




#11 bwv848 (Topic Starter)


Posted 01 August 2016 - 10:09 PM

Also, I read this post from quietman7.

 

MalwareTips says that the Osram Trojan commonly installs a backdoor. And backdoors are very hard to remove. :-(

 

After reading that I got really concerned!




#12 buddy215 (Moderator)


Posted 02 August 2016 - 05:04 AM

What Windows Defender says about Osram detection.....

Windows Defender detects and removes this threat.

This is a generic detection, which means we use this name for a large number of trojans.

The actual behavior of these trojans can vary from one infection to another.

 

Now that you have installed Adblock Plus...click on its ABP icon and choose Filter Preferences. UNcheck Allow some non-intrusive advertisements.

 

Backing up files and creating whole HDD images is always a good idea. To prevent malware such as ransomware from infecting those files, it is best for the home user to only have the external media connected during backup and imaging. Those whole images come in real handy when an internal HDD fails...which can happen at any time.

Avast, BitDefender and Sophos are okay in my book. Avast was uninstalled because you were having problems completing scans and updating Avast. I suggest, after installing any free program including security programs, running scans using MBAM, AdwCleaner and Junkware Removal Tool.

Firefox does a pretty good job of warning you and preventing you from visiting sites known to contain malware. But just like security programs, it is always playing catch-up as sites get infected constantly and new malware seems to be created every hour. The best security program is the one between your ears....knowing how malware gets on your computer and avoiding high risks.



#13 bwv848 (Topic Starter)


Posted 02 August 2016 - 03:57 PM

I've unchecked "Allow some non-intrusive advertising" for ABP, but for some reason, I can't block third-party cookies. Maybe it's because I got the self-destructing cookies add-on. Also, I uninstalled most of the HP bloatware.

As for the Osram Trojan, since you're so confident that it's been wiped out, I feel safe. :-)

Now, backing up. Is it safe to keep backups on an external Hammer HDD that's always connected to my computer? For the computer to have access to it, it must be physically turned on. Does that stop malware from getting onto it?

If not, I'll just put it on my 1 TB Toshiba HD. Also, what program do you recommend for creating HDD images?

And then anti-viruses. I'm torn between Sophos and BitDefender. Actually, I don't mind trying Avast again because I'm still so used to it. (I don't think it had trouble updating? Thought it was MSE.)

Anyway, here are the MBAM, Adwcleaner, ESET and JRT logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by owls (Administrator) on Tue 08/02/2016 at 15:49:26.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 30

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\ProgramData\SPL3E85.tmp (File)
Successfully deleted: C:\ProgramData\SPL426F.tmp (File)
Successfully deleted: C:\ProgramData\SPL72D4.tmp (File)
Successfully deleted: C:\ProgramData\SPLB6A3.tmp (File)
Successfully deleted: C:\ProgramData\SPLC37F.tmp (File)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TWXTQV4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1A0CVGJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU0BHGHB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5Q8IDTZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV327RLL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLERANHO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDPOUVWE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\owls\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSEFGE5D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TWXTQV4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1A0CVGJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HU0BHGHB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5Q8IDTZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LV327RLL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLERANHO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDPOUVWE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSEFGE5D (Temporary Internet Files Folder)

Deleted the following from C:\Users\owls\AppData\Roaming\Mozilla\Firefox\Profiles\1e6uw3gs.default\prefs.js
user_pref(browser.startup.homepage, http://www.startpage.com);



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/02/2016 at 15:51:09.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adwcleaner log:

# AdwCleaner v5.201 - Logfile created 02/08/2016 at 15:54:29
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-02.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : owls - BEARS-HP
# Running from : C:\Users\owls\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\ooxmngt4.default\prefs.js] Found : user_pref("avg.toolbar.buttons_label", ",Search,Active Surf-Shield,Active Surf-Shield,Search-Shield,AVG Info ,AVG Info ,Get More");
[C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\ooxmngt4.default\prefs.js] Found : user_pref("browser.startup.homepage", "hxxp://ixquick.com/");

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2211 bytes] - [25/07/2016 22:17:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [1404 bytes] - [26/07/2016 13:19:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1732 bytes] - [25/07/2016 17:16:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [2821 bytes] - [25/07/2016 20:12:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [344 bytes] - [26/07/2016 11:38:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [2009 bytes] - [26/07/2016 13:05:26]
C:\AdwCleaner\AdwCleaner[S5].txt - [1385 bytes] - [26/07/2016 13:22:57]
C:\AdwCleaner\AdwCleaner[S6].txt - [1457 bytes] - [26/07/2016 16:05:26]
C:\AdwCleaner\AdwCleaner[S7].txt - [1604 bytes] - [02/08/2016 15:54:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1677 bytes] ##########

***************************************************************************

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ac6de31dd22c94494047451e60f1b1d
# end=init
# utc_time=2016-08-01 11:05:01
# local_time=2016-08-01 07:05:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 30292
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ac6de31dd22c94494047451e60f1b1d
# end=updated
# utc_time=2016-08-01 11:07:53
# local_time=2016-08-01 07:07:53 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5ac6de31dd22c94494047451e60f1b1d
# engine=30292
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-08-02 01:15:41
# local_time=2016-08-01 09:15:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 95576253 221643991 0 0
# scanned=265437
# found=5
# cleaned=5
# scan_time=7667
sh=1290DDE3F2B3102F7BCEA1037EB82C00F5757108 ft=1 fh=58ec4c678c416999 vn="a variant of Win32/WinWrapper.B potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WE5JTDQI\CnetInstaller[1]"
sh=030E9556494C2784F301FAB8708E224C0E444106 ft=1 fh=f7783894cc13cc4e vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application (deleted)" ac=C fn="C:\Users\Bears\Downloads\siw.exe"
sh=68B0376FB80EC5DBF7B47DCC7B5335383E9B063A ft=1 fh=893d1fa1996eca88 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\owls\Downloads\ccsetup520.exe"
sh=4101270357B096EF454463D13581E3D123C60560 ft=1 fh=2a17fddd6cb742ea vn="a variant of Win32/InstallCore.ACL potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6D0EBFE2_stp\RAM.dll"
sh=0757E5656520733E1E23BF0209E611E0F084412F ft=1 fh=7b0a7263902cbf73 vn="a variant of Win32/InstallCore.ACL potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6F98DC9C_stp\HardwareInfoLib.dll"

***************************************************************************

MBAM log:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 8/2/2016
Scan Time: 4:08 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.02.11
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owls

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 483767
Time Elapsed: 36 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I didn't let Adwcleaner delete my StartPage home setting for Firefox (JRT did that). That's a false positive — I manually set it.

Thanks! Next step?
 


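The ESET portion of the logs above is the one part worth parsing rather than eyeballing: every detection line carries a SHA-1, a verdict string and a full path. What follows is an added example written for this thread, not a tool from ESET or from anyone posting here. It assumes the field layout visible in the posted log (sh = SHA-1 of the object, fh = a second ESET file hash, vn = verdict text, ac = action code, fn = path); anything beyond that about the fields is an assumption. The counters and the five detection lines are copied from the post above as constructed sample input. The script pulls out the detection name, ESET's category (potentially unwanted versus potentially unsafe application) and the action taken, checks that the `# found=` counter agrees with the number of detection lines actually present (an interrupted or truncated scan is where those disagree), and lists anything that was not marked cleaned or deleted.

```python
"""Triage helper for ESET Online Scanner logs (the 'sh=... vn=... fn=...' lines).

Added example for this thread, not ESET's own tooling. Field meanings
(sh = SHA-1, fh = second ESET file hash, vn = verdict, ac = action code,
fn = path) are read off the posted log format and are assumptions beyond that.
"""
import re
from collections import Counter

# Constructed sample: the counters and the five detection lines copied from the
# ESET log posted in this thread. Other header lines are present to show they are skipped.
SAMPLE_LOG = r"""
# scanned=265437
# found=5
# cleaned=5
# scan_time=7667
sh=1290DDE3F2B3102F7BCEA1037EB82C00F5757108 ft=1 fh=58ec4c678c416999 vn="a variant of Win32/WinWrapper.B potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WE5JTDQI\CnetInstaller[1]"
sh=030E9556494C2784F301FAB8708E224C0E444106 ft=1 fh=f7783894cc13cc4e vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application (deleted)" ac=C fn="C:\Users\Bears\Downloads\siw.exe"
sh=68B0376FB80EC5DBF7B47DCC7B5335383E9B063A ft=1 fh=893d1fa1996eca88 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\owls\Downloads\ccsetup520.exe"
sh=4101270357B096EF454463D13581E3D123C60560 ft=1 fh=2a17fddd6cb742ea vn="a variant of Win32/InstallCore.ACL potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6D0EBFE2_stp\RAM.dll"
sh=0757E5656520733E1E23BF0209E611E0F084412F ft=1 fh=7b0a7263902cbf73 vn="a variant of Win32/InstallCore.ACL potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Tin Tin Online\AppData\Local\Temp\is366025459\6F98DC9C_stp\HardwareInfoLib.dll"
"""

# One detection line: fixed key order as seen in the posted log.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-fA-F]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)
# Verdict text: "[a variant of ]<name> <category> (<action>)"
VERDICT_RE = re.compile(
    r'^(?P<variant>a variant of )?(?P<name>\S+)\s*(?P<category>.*?)\s*\((?P<action>[^)]*)\)\s*$'
)
COUNTER_RE = re.compile(r'^# (?P<key>scanned|found|cleaned)=(?P<value>\d+)$')


def parse_detection(line):
    """Return a dict for one detection line, or None for any other line."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    v = VERDICT_RE.match(rec["vn"])
    if not v:
        # Unrecognised verdict wording: keep the raw text rather than guess.
        rec.update(name=rec["vn"], category="unknown", action="unknown", variant=False)
        return rec
    rec.update(
        name=v.group("name"),
        category=v.group("category") or "unknown",
        action=v.group("action"),
        variant=v.group("variant") is not None,
    )
    return rec


def parse_eset_log(text):
    """Parse header counters and detection lines into a report dict."""
    report = {"counters": {}, "detections": []}
    for line in text.splitlines():
        c = COUNTER_RE.match(line.strip())
        if c:
            report["counters"][c.group("key")] = int(c.group("value"))
            continue
        rec = parse_detection(line)
        if rec:
            report["detections"].append(rec)
    return report


def counts_by(report, field):
    """Tally detections by a parsed field, e.g. 'category' or 'action'."""
    return Counter(rec[field] for rec in report["detections"])


def header_consistent(report):
    """True when '# found=' matches the detection lines actually present.

    A mismatch means the log was truncated or the scan was interrupted, which is
    exactly what to notice before declaring a machine clean.
    """
    found = report["counters"].get("found")
    return found is not None and found == len(report["detections"])


def unresolved(report):
    """Detections whose action does not say the object was deleted or cleaned."""
    return [r for r in report["detections"]
            if not any(w in r["action"] for w in ("deleted", "cleaned"))]


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print("header consistent:", header_consistent(rep))
    print("by category:", dict(counts_by(rep, "category")))
    print("by action:", dict(counts_by(rep, "action")))
    for r in rep["detections"]:
        print(f'{r["sha1"][:12]}  {r["name"]:<36} {r["category"]:<34} {r["fn"]}')
    print("unresolved:", [r["fn"] for r in unresolved(rep)])
```

Run it with `python` and it prints one line per detection plus the tallies. The category is what matters for triage: ESET reports PUAs and "potentially unsafe applications" (legitimate tools that can be abused) separately from malware, and none of the five lines here carries a trojan or backdoor verdict, all of them sitting in Downloads or Temp folders. The sh= value is a SHA-1, so it can be looked up against a file-reputation service if independent confirmation of a detection is wanted.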


#14 buddy215 (Moderator)


Posted 02 August 2016 - 04:51 PM

Whichever antivirus you choose....it will shut down Windows antivirus by default.

 

Windows 7 uses a version of Acronis. You already have that and it works very well in creating images.

Malware such as ransomware will infect any files connected to the computer. For that reason you should only have the external media that you create the image(s) on connected during the time of creating the image.

Scroll down to see the info for Windows 7...How to Create a System Image in Windows 7, 8, or 10

 

You should create a Repair Disc, too. Create a system repair disc



#15 bwv848 (Topic Starter)


Posted 02 August 2016 - 07:19 PM

OK, stupid question. Is the Windows 7 backup program you're talking about called "Backup and Restore" in the Control Panel? Anyway, I'll back up the HD tomorrow. Also, I created a Repair Disc when the computer was first purchased. Do I need to make another copy?
 
Thanks!
 
Edit: Please forget about the first question. Didn't check out the link. SORRY!!!
 

Edited by bwv848, 02 August 2016 - 10:30 PM.





