i got infected


11 replies to this topic

#1 gazzer77

  • Members
  • 10 posts

Posted 19 September 2016 - 06:42 PM

I got infected and ran a bunch of tools. I'm sorry, I'm an idiot.

I tried to download a tool to unlock an iPhone I'm locked out of.

I have a couple of command prompts popping up and stopping me from finishing this post: solari, 1NEXHBI

flashes and leaves

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:36:47 PM, on 9/19/2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\DeltaIITray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\doughboy\purpose.exe
C:\Program Files\Google\Chrome\Application\chrome334.exe
C:\Program Files\Google\Chrome\Application\chrome334.exe
C:\Program Files\Google\Chrome\Application\chrome334.exe
C:\Program Files\Google\Chrome\Application\chrome334.exe
C:\Program Files\Google\Chrome\Application\chrome334.exe
C:\Users\G\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09152016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 162.222.194.13 cocomo.tremorhub.com
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [purpose] "C:\Program Files\doughboy\purpose.exe"
O4 - HKCU\..\Run: [toyota] "C:\Program Files\exhibitor\solari.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\vsocklib.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrsHelper - Unknown owner - C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
 
--
End of file - 7981 bytes
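A small triage helper, added here as an example and not part of the thread or of HijackThis itself: it reads O1 (hosts), O4 (autorun) and O23 (service) lines in the format of the log above and lists the entries a responder would look at first: hosts-file overrides, autoruns that use a relative path or launch from a folder outside a known-vendor list, and services with no identifiable owner or a missing binary. The allow-list of folders, the sample lines (copied from the log above into a constructed string) and the wording of the reasons are assumptions; the output is a list of leads to verify, not a verdict.

```python
"""Triage leads from HijackThis-style log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 162.222.194.13 cocomo.tremorhub.com
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [purpose] "C:\Program Files\doughboy\purpose.exe"
O4 - HKCU\..\Run: [toyota] "C:\Program Files\exhibitor\solari.exe"
O23 - Service: BrsHelper - Unknown owner - C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed allow-list: folders whose autoruns are treated as expected on this box.
# Anything else is a lead to investigate, not proof of anything.
KNOWN_VENDOR_DIRS = (
    r"c:\windows\system32",
    r"c:\windows",
    r"c:\program files\microsoft security client",
    r"c:\program files\windows media player",
    r"c:\program files\bonjour",
)

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")


@dataclass
class Finding:
    kind: str    # O1, O4 or O23
    name: str    # host name, autorun value name, or service name
    target: str  # address the host is pinned to, or the executable path
    reason: str


def first_executable(command: str) -> str:
    """Return the program path from an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


def is_absolute(path: str) -> bool:
    """True for drive-rooted paths such as C:\\dir\\file.exe."""
    return len(path) > 2 and path[1] == ":" and path[2] == "\\"


def in_known_dir(path: str) -> bool:
    """True when the file's folder is exactly one of the allow-listed folders."""
    folder = path.lower().rsplit("\\", 1)[0] if "\\" in path else ""
    return folder in KNOWN_VENDOR_DIRS


def triage(log_text: str) -> list[Finding]:
    """Scan log lines and return the entries worth a closer look, in file order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            findings.append(Finding("O1", host, ip,
                                    "hosts file pins this name to a fixed address, bypassing DNS"))
        elif m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            exe = first_executable(command)
            if not is_absolute(exe):
                findings.append(Finding("O4", name, exe,
                                        f"{hive} {key} autorun uses a relative path; "
                                        "which file actually runs depends on the search path"))
            elif not in_known_dir(exe):
                findings.append(Finding("O4", name, exe,
                                        f"{hive} {key} autorun launches from a folder "
                                        "outside the expected vendor locations"))
        elif m := O23_RE.match(line):
            name, owner, path = m.groups()
            if owner == "Unknown owner" or "(file missing)" in path:
                findings.append(Finding("O23", name, path.replace(" (file missing)", ""),
                                        "service with no identifiable owner or a binary "
                                        "that is no longer on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.name:<35}{f.target}\n    {f.reason}")
```

On the sample above the helper reports the hosts override, the drive-relative `\WkDetect.exe` entry, the two autoruns under `doughboy` and `exhibitor`, and the `BrsHelper` service, while the Microsoft Security Client and Bonjour entries pass; the allow-list is deliberately exact-match so that a lookalike folder under `C:\Program Files` does not slip through.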
 


#2 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 September 2016 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your Chrome version has been compromised.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


If you Sync your data.
How To Delete Your Google Chrome Browser Sync Data
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/
<<<>>>

After the Restart of the computer download and run this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[image: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.

#3 gazzer77
  • Topic Starter
  • Members
  • 10 posts

Posted 20 September 2016 - 11:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-09-2016
Ran by G (administrator) on G-PC (20-09-2016 12:02:21)
Running from C:\Users\G\Downloads
Loaded Profiles: G (Available Profiles: G & guest1 & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\System32\DeltaIITray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\doughboy\purpose.exe
(Microsoft Corporation) C:\Windows\System32\verclsid.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_22_0_0_210_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-06-20] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13535776 2008-06-20] (NVIDIA Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\DeltaIITray.exe [236040 2011-02-18] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4493312 2007-06-20] (Realtek Semiconductor)
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll [460120 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll [1946968 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll [58200 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll [495960 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll [353624 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll [419160 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll [746840 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll [825688 2014-05-30] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll] => C:\Program Files\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll [390488 2014-05-30] ()
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [Microsoft Works Update Detection] => \WkDetect.exe
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [purpose] => C:\Program Files\doughboy\purpose.exe [36766 2016-09-16] ()
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [toyota] => C:\Program Files\exhibitor\solari.exe [75776 2016-09-16] ()
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_22_0_0_210_ActiveX.exe [1210560 2016-07-22] (Adobe Systems Incorporated)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(N~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{29A8FD88-8116-403B-B038-1213A91F3E7D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{88BCB8FA-2CB2-48EB-A4E4-582C1B4DAD43}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE9ENUS/120
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> {36E14C69-1BA5-4425-B6A7-87BF0CC09CF3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-10] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: (No Name) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-08-13] [not signed]
FF Extension: (OneClickDownloader) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Default [2016-09-20]
CHR Extension: (Google Slides) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
CHR Extension: (Gmail) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [303880 2011-02-18] (Avid Technology, Inc.)
R3 eapihdrv; C:\Users\G\AppData\Local\Temp\ehdrv.sys [135760 2016-09-19] (ESET)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-09-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R1 MpKslb889073e; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F71E0FE1-ABB9-455F-8359-55D23E97E420}\MpKslb889073e.sys [39168 2016-09-20] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-03-02] ()
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247304 2009-07-03] (silex technology, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433792 2008-12-25] (Leadtek Research Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\G\AppData\Local\Temp\catchme.sys [X]
S2 sbmntr; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 12:02 - 2016-09-20 12:05 - 00018381 _____ C:\Users\G\Downloads\FRST.txt
2016-09-20 12:01 - 2016-09-20 12:02 - 00000000 ____D C:\FRST
2016-09-20 12:00 - 2016-09-20 12:01 - 01750528 _____ (Farbar) C:\Users\G\Downloads\FRST.exe
2016-09-19 19:30 - 2016-09-19 19:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\G\Desktop\HijackThis.exe
2016-09-19 14:10 - 2016-09-19 14:17 - 00002972 _____ C:\Users\G\Desktop\Rkill.txt
2016-09-19 14:10 - 2016-09-19 14:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\G\Desktop\rkill.exe
2016-09-17 23:03 - 2016-09-18 07:16 - 00000000 ___SD C:\ComboFix
2016-09-17 22:54 - 2016-09-17 23:03 - 00000000 ___SD C:\32788R22FWJFW
2016-09-17 22:53 - 2016-09-17 22:54 - 05658813 ____R (Swearware) C:\Users\G\Desktop\ComboFix.exe
2016-09-17 22:49 - 2016-09-17 22:52 - 00182616 _____ C:\TDSSKiller.3.1.0.11_17.09.2016_22.49.52_log.txt
2016-09-17 21:46 - 2016-09-17 22:48 - 00000000 ____D C:\Users\G\Desktop\mbar
2016-09-17 21:45 - 2016-09-17 21:46 - 04747704 _____ (AO Kaspersky Lab) C:\Users\G\Desktop\tdsskiller.exe
2016-09-17 21:44 - 2016-09-17 21:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\G\Desktop\mbar-1.09.3.1001.exe
2016-09-17 21:01 - 2016-09-17 21:49 - 00000817 _____ C:\Users\G\Desktop\Stinger_17092016_210149.html
2016-09-17 20:59 - 2016-09-17 21:01 - 16324464 _____ (McAfee Inc) C:\Users\G\Desktop\stinger32.exe
2016-09-17 15:43 - 2016-09-17 15:43 - 00000986 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-09-17 15:43 - 2016-09-17 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-09-17 15:43 - 2016-09-17 15:43 - 00000000 ____D C:\Program Files\VS Revo Group
2016-09-17 11:00 - 2016-09-17 11:00 - 00001790 _____ C:\Users\G\Desktop\Microsoft Security Essentials.lnk
2016-09-16 21:01 - 2016-09-16 21:01 - 00024408 _____ C:\Users\G\Desktop\iDict-master.zip
2016-09-16 14:47 - 2016-09-16 15:27 - 00172590 _____ C:\Windows\ntbtlog.txt
2016-09-16 14:45 - 2016-09-16 14:45 - 07090176 _____ C:\Users\G\AppData\Roaming\agent.dat
2016-09-16 14:45 - 2016-09-16 14:45 - 00018432 _____ C:\Users\G\AppData\Roaming\Main.dat
2016-09-16 14:41 - 2016-09-16 14:41 - 00140288 _____ C:\Users\G\AppData\Roaming\Installer.dat
2016-09-16 14:39 - 2016-09-16 15:11 - 00000000 ____D C:\Users\G\AppData\Roaming\YSPackage
2016-09-16 14:39 - 2016-09-16 15:11 - 00000000 ____D C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
2016-09-16 14:38 - 2016-09-16 14:38 - 00000000 ___HD C:\Program Files\exhibitor
2016-09-16 14:38 - 2016-09-16 14:38 - 00000000 ___HD C:\Program Files\doughboy
2016-09-16 14:36 - 2016-09-16 14:36 - 00000000 ____D C:\Users\G\AppData\Local\Shortcut Installer
2016-09-16 14:32 - 2016-09-16 14:41 - 00000000 ____D C:\Windows\system32\SSL
2016-09-16 14:03 - 2016-09-16 14:17 - 00000777 _____ C:\Windows\system32\Drivers\etc\host.txt
2016-09-16 13:57 - 2016-09-16 14:02 - 00000759 _____ C:\Users\G\Desktop\host.txt
2016-09-16 13:41 - 2016-09-16 13:41 - 00127644 _____ C:\Users\G\AppData\Local\85220239.exe
2016-09-16 10:27 - 2016-09-16 10:27 - 00000039 _____ C:\Users\G\Desktop\Won.txt
2016-09-15 23:03 - 2016-06-10 10:19 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-15 23:01 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-15 23:01 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-15 23:01 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-15 23:01 - 2016-06-25 11:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-15 23:01 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-09-15 21:01 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-15 21:01 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-15 21:01 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-15 21:01 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-15 21:01 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-15 21:01 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-15 21:01 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-15 21:01 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-15 21:01 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-15 21:01 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-15 21:01 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-15 21:01 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-09-15 21:01 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-09-15 21:01 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-09-15 21:00 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-15 21:00 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-15 21:00 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-15 21:00 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-15 21:00 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-15 21:00 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-09-15 21:00 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-15 21:00 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-15 18:13 - 2016-09-15 18:13 - 00001192 _____ C:\Users\G\Desktop\XFINITY Connect.lnk
2016-09-15 18:13 - 2016-09-15 18:13 - 00001164 _____ C:\Users\G\Desktop\Constant Guard Protection Suite.lnk
2016-09-15 18:13 - 2016-09-15 18:13 - 00001158 _____ C:\Users\G\Desktop\XFINITY TV.lnk
2016-09-15 18:13 - 2016-09-15 18:13 - 00000000 ____D C:\Users\G\AppData\Local\Xfinity.com
2016-09-15 16:37 - 2016-09-15 16:38 - 01065376 _____ (Google Inc.) C:\Users\G\Desktop\ChromeSetup.exe
2016-09-15 15:21 - 2016-09-15 15:21 - 00223661 _____ C:\Users\G\Documents\iTunes Diagnostics.spx
2016-09-15 14:48 - 2016-09-15 14:48 - 00000000 ____D C:\Users\G\AppData\Local\{A3A919AB-9772-4E08-91B3-FCC2C12D76E6}
2016-09-14 15:21 - 2016-09-14 15:21 - 00126134 _____ C:\Windows\a3cf592823cfad19417f9efbac1e9c1a.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 12:02 - 2006-11-02 08:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-20 12:02 - 2006-11-02 08:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-19 15:30 - 2015-08-07 06:47 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-19 14:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
2016-09-19 14:07 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-09-19 14:07 - 2006-11-02 06:33 - 00755252 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-19 14:03 - 2012-08-22 17:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-09-19 14:02 - 2006-11-02 08:58 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-19 14:02 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 13:59 - 2012-08-23 17:17 - 00000000 ____D C:\Windows\pss
2016-09-17 23:05 - 2013-11-24 19:36 - 00000000 ____D C:\Qoobox
2016-09-17 22:48 - 2013-11-25 09:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-17 21:46 - 2015-08-07 06:36 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-17 15:09 - 2015-08-07 06:36 - 00000863 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 15:09 - 2015-08-07 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-17 15:09 - 2015-08-07 06:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-16 14:48 - 2006-11-02 08:44 - 00279784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-16 14:40 - 2012-08-22 17:09 - 00065544 _____ C:\Users\G\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-16 06:55 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-09-15 22:40 - 2013-07-19 22:39 - 00000000 ____D C:\Windows\system32\MRT
2016-09-15 21:20 - 2006-11-02 06:24 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-15 20:43 - 2013-04-12 23:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-15 20:43 - 2012-09-12 18:25 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 20:43 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Help
2016-09-15 18:13 - 2015-10-21 21:25 - 00000974 _____ C:\Windows\Tasks\g8I4GWQFf.job
2016-09-15 17:34 - 2015-10-21 21:34 - 00000996 _____ C:\Windows\Tasks\bdKpr1qzAGe5LnaFfF9R.job
2016-09-15 16:41 - 2012-09-12 18:25 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 16:31 - 2013-11-23 12:54 - 00000000 ____D C:\Program Files\Opera
2016-09-15 14:54 - 2012-12-10 16:21 - 00001356 _____ C:\Users\G\AppData\Local\d3d9caps.dat
2016-09-15 14:26 - 2015-10-21 20:50 - 00000984 _____ C:\Windows\Tasks\RnLSoHorKHAfsK.job
2016-09-15 14:00 - 2015-10-21 21:17 - 00001008 _____ C:\Windows\Tasks\CJwE8lX5MJFiS32Km9yxUAnnzZ.job

==================== Files in the root of some directories =======

2016-09-16 14:45 - 2016-09-16 14:45 - 7090176 _____ () C:\Users\G\AppData\Roaming\agent.dat
2016-09-16 14:41 - 2016-09-16 14:41 - 0140288 _____ () C:\Users\G\AppData\Roaming\Installer.dat
2016-09-16 14:45 - 2016-09-16 14:45 - 0018432 _____ () C:\Users\G\AppData\Roaming\Main.dat
2016-09-16 13:41 - 2016-09-16 13:41 - 0127644 _____ () C:\Users\G\AppData\Local\85220239.exe
2012-12-10 16:21 - 2016-09-15 14:54 - 0001356 _____ () C:\Users\G\AppData\Local\d3d9caps.dat
2012-08-22 17:41 - 2015-01-07 09:03 - 0076800 _____ () C:\Users\G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-18 10:40 - 2014-09-15 10:15 - 0004001 _____ () C:\ProgramData\hpzinstall.log
2014-06-21 16:17 - 2014-06-21 16:17 - 0003529 _____ () C:\ProgramData\lpm.dat

Files to move or delete:
====================
C:\ProgramData\lpm.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-20 02:18

==================== End of FRST.txt ============================

#4 gazzer77

gazzer77
  • Topic Starter

  • Members
  • 10 posts

Posted 21 September 2016 - 06:26 AM

The command prompt pop-ups continue to pop every second or so, 2 to count exe files. Thank you team.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 September 2016 - 10:44 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files\doughboy\purpose.exe
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [purpose] => C:\Program Files\doughboy\purpose.exe [36766 2016-09-16] ()
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [toyota] => C:\Program Files\exhibitor\solari.exe [75776 2016-09-16] ()
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: (No Name) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-08-13] [not signed]
FF Extension: (OneClickDownloader) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-24] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
Task: {077932AE-9A0A-47F5-837A-7E9D9AED4068} - \runTask -> No File <==== ATTENTION
Task: {0C830DDC-BDCA-4AA0-AC77-72974D1EDFE3} - \{A1D5762B-134C-4CF3-952E-492A0358536D} -> No File <==== ATTENTION
Task: {11AB4DFE-3FCD-450E-8B22-1E0662BD6C67} - \Advanced System Protector -> No File <==== ATTENTION
Task: {1393515B-587C-4905-A405-53561840ABDF} - \Opera scheduled Autoupdate 1385225668 -> No File <==== ATTENTION
Task: {1806D909-6AD5-4C3F-A590-20BEE50D7357} - \g8I4GWQFf -> No File <==== ATTENTION
Task: {24530D2C-80D4-485D-95BC-90F0191FBE44} - \YTDownloader -> No File <==== ATTENTION
Task: {26D054C7-33A6-43F9-9475-0FF149369FE4} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2D62C142-A9C3-40E3-845E-F949421CFF6E} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {31D23962-432D-4256-B127-63EDEC2A9089} - \{62ACE56A-E09B-46E6-8333-546D0FCE463B} -> No File <==== ATTENTION
Task: {461CB166-4B0F-465B-AEC5-BCFEA181AF69} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {4C397B70-8416-4D17-ADD3-C2268EFB0E7F} - \4626008 -> No File <==== ATTENTION
Task: {4E064F69-477F-43B7-9969-D0BB55BD6C1B} - \{04ABD085-35A7-4C39-9491-1DE619B47A9E} -> No File <==== ATTENTION
Task: {511FC749-4949-4596-B0B5-172A9C111919} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {584CCA69-F90A-4538-998E-F401D64335ED} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {59B29496-6B90-4ADC-AD5C-39ABB3FD6087} - System32\Tasks\Da46260084626008 => C:\Program Files\exhibitor\solari.exe [2016-09-16] ()
Task: {5B0BBEFB-8FE5-4788-8E2A-A7D98E187F1A} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {602AA141-4789-42C7-A7E4-BE70D1A210C8} - \CJwE8lX5MJFiS32Km9yxUAnnzZ -> No File <==== ATTENTION
Task: {7C78E3B0-1F9D-425D-80DA-C7DA116AC410} - \User_Feed_Synchronization-{F48F1E61-9147-46A5-AB8E-F3AD17622FEB} -> No File <==== ATTENTION
Task: {83D5EB8C-DF68-424D-B022-A9B8BAFFF04E} - \updateTask -> No File <==== ATTENTION
Task: {8981365B-4EDC-49B7-8921-F962BE59E95D} - \{67F2EB62-4D10-45A7-B349-B62B1CABF366} -> No File <==== ATTENTION
Task: {A43A282F-F149-47CC-85F7-D771A1375A38} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {A6BBE06F-66BB-4F6F-84FF-E2F1CF57302A} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A8A965BB-EE14-4899-80DE-27896AA0D2B9} - \{A3D5ED5B-2BBA-4FBA-A0D2-49A4C7EF472E} -> No File <==== ATTENTION
Task: {AB38A32D-6BB9-4B3F-8406-5288FAD00F9C} - \RnLSoHorKHAfsK -> No File <==== ATTENTION
Task: {B4B0C035-9F06-4B45-84D9-993191D5590E} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B6CF70C3-9121-415C-87FB-C2DF308CA40D} - \{24129308-5599-4FAC-AC9E-2EF2C2BAAD42} -> No File <==== ATTENTION
Task: {BBF936B2-C883-4314-88A4-ACD45D138608} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BF79606C-2CED-43FB-9A1F-F816CBAD16CA} - \RealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BF8FE9CE-C44A-451B-8347-FD8373C7B632} - \RealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BFBBCA6B-4A3B-4F92-8F49-F5E8095FD61D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {CCE6A4E9-8616-4CB7-A206-7AECE088BF33} - \MyBrowser -> No File <==== ATTENTION
Task: {D865D872-EED0-48E6-AB32-B01956C98583} - \bdKpr1qzAGe5LnaFfF9R -> No File <==== ATTENTION
Task: {F209427A-2B47-426E-BB84-4EEBB188D7E4} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: C:\Windows\Tasks\bdKpr1qzAGe5LnaFfF9R.job => C:\Users\G\AppData\Roaming\bdKpr1qzAGe5LnaFfF9R.exe <==== ATTENTION
Task: C:\Windows\Tasks\CJwE8lX5MJFiS32Km9yxUAnnzZ.job => C:\Users\G\AppData\Roaming\CJwE8lX5MJFiS32Km9yxUAnnzZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\g8I4GWQFf.job => C:\Users\G\AppData\Roaming\g8I4GWQFf.exe <==== ATTENTION
Task: C:\Windows\Tasks\RnLSoHorKHAfsK.job => C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe <==== ATTENTION
2016-09-16 13:41 - 2016-09-16 13:41 - 00036766 _____ () C:\Program Files\doughboy\purpose.exe
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
FirewallRules: [{137E99DD-0CC1-4D0C-98D6-343329AEF35A}] => (Allow) C:\Users\G\AppData\Local\ddnowyes.exe
FirewallRules: [{8EAF7512-CAD9-4EB9-867A-F2DC7B696687}] => (Allow) C:\Users\G\AppData\Local\Temp\installer1.exe
FirewallRules: [{F03F2F5B-7D97-4560-9E21-C17222A0D1B7}] => (Allow) C:\Users\G\AppData\Local\44761475.exe
FirewallRules: [{43EF963F-61AE-4487-AD03-BB17007E5AFD}] => (Allow) C:\Users\G\AppData\Local\tinstall.exe
FirewallRules: [{2FDBEAB3-2065-46AB-B79E-A98A8A2D2AFB}] => (Allow) C:\Program Files\exhibitor\solari.exe
S2 BrsHelper; C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\G\AppData\Local\Temp\catchme.sys [X]
S2 sbmntr; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys [X]
C:\Program Files\doughboy
C:\Program Files\exhibitor
C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com
C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\G\AppData\Roaming\bdKpr1qzAGe5LnaFfF9R.exe
C:\Users\G\AppData\Roaming\CJwE8lX5MJFiS32Km9yxUAnnzZ.exe
C:\Users\G\AppData\Roaming\g8I4GWQFf.exe
C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe
C:\Users\G\AppData\Local\ddnowyes.exe
C:\Users\G\AppData\Local\Temp\installer1.exe
C:\Users\G\AppData\Local\44761475.exe
C:\Users\G\AppData\Local\tinstall.exe
C:\Program Files\exhibitor\solari.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
===

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===


Please let me know what problem persists with this computer.

Edited by nasdaq, 21 September 2016 - 10:45 AM.
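The fixlist above targets a handful of recurring FRST line shapes: Run values and scheduled tasks with an empty publisher field, .job files and firewall rules pointing at executables under AppData, and tasks, services and Winsock entries whose file no longer exists. As an added example (not part of this thread and not FRST's own code), the Python below parses those line shapes and flags the same patterns a responder would pull into a fixlist, using lines copied from the log and fixlist in this thread as constructed sample input.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of this thread and not FRST's own code. It parses the
line shapes FRST prints for scheduled tasks, Run values, firewall rules,
services, Winsock entries and dated file listings, and flags what the fixlist
in the thread removes: launch points with no publisher, binaries living in
user-writable directories, and entries whose target file is gone.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Directories a standard user can write to; persistence launched from here is
# a recurring indicator in these logs.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|Roaming)\\|\\Temp\\", re.I)

# Line shapes exactly as FRST prints them (copied from the log above).
ORPHAN_TASK = re.compile(r"^Task: \{[0-9A-F-]+\} - \\(.+?) -> No File", re.I)
TASK_TARGET = re.compile(r"^Task: \{[0-9A-F-]+\} - (\S+) => (.+?) \[[^\]]*\] \((.*?)\)$", re.I)
JOB_TARGET = re.compile(r"^Task: (C:\\Windows\\Tasks\\\S+\.job) => (.+?)(?: <==== ATTENTION)?$", re.I)
RUN_VALUE = re.compile(r"^(HK\S+)\\Run: \[(.+?)\] => (.+?) \[[^\]]*\] \((.*?)\)$", re.I)
FW_RULE = re.compile(r"^FirewallRules: \[\{[0-9A-F-]+\}\] => \((Allow|Block)\) (.+)$", re.I)
SERVICE = re.compile(r"^[RS]\d (\S+); (.+?) \[X\]$")  # [X] = binary missing on disk
WINSOCK = re.compile(r"^Winsock: Catalog\d+ \d+ (.+?) No File$")
FILE_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$"   # size, attribute flags, optional (publisher), path
)
EXECUTABLE = re.compile(r"\.(?:exe|dll|sys|scr)$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str      # which FRST line type produced it
    target: str    # file or launch point concerned
    reason: str    # why a responder would want to look at it


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST log line, or None if nothing stands out."""
    line = line.rstrip()
    if m := ORPHAN_TASK.match(line):
        return Finding("task", m.group(1), "scheduled task whose target file is missing")
    if m := TASK_TARGET.match(line):
        name, target, publisher = m.groups()
        if not publisher or USER_WRITABLE.search(target):
            return Finding("task", target, f"task {name} runs a binary with no publisher")
    if m := JOB_TARGET.match(line):
        job, target = m.groups()
        if USER_WRITABLE.search(target):
            return Finding("job", target, f"{job} launches a binary from a user-writable directory")
    if m := RUN_VALUE.match(line):
        _hive, name, target, publisher = m.groups()
        if not publisher or USER_WRITABLE.search(target):
            return Finding("run", target, f"Run value [{name}] has no publisher")
    if m := FW_RULE.match(line):
        action, target = m.groups()
        if action.lower() == "allow" and USER_WRITABLE.search(target):
            return Finding("firewall", target, "Allow rule for a binary in a user-writable directory")
    if m := SERVICE.match(line):
        name, target = m.groups()
        return Finding("service", target, f"service {name} is registered but its binary is missing")
    if m := WINSOCK.match(line):
        return Finding("winsock", m.group(1), "Winsock catalog entry pointing at a missing DLL")
    if m := FILE_ROW.match(line):
        attrs, publisher, path = m.groups()
        if "D" in attrs and "H" in attrs and path.lower().startswith("c:\\program files\\"):
            return Finding("file", path, "hidden directory created under Program Files")
        if EXECUTABLE.search(path) and not publisher and USER_WRITABLE.search(path):
            return Finding("file", path, "executable with no publisher in a user-writable directory")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f]


# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = """\
2016-09-16 13:41 - 2016-09-16 13:41 - 00127644 _____ C:\\Users\\G\\AppData\\Local\\85220239.exe
2016-09-16 14:38 - 2016-09-16 14:38 - 00000000 ___HD C:\\Program Files\\doughboy
2016-09-15 23:03 - 2016-06-10 10:19 - 02071040 _____ (Microsoft Corporation) C:\\Windows\\system32\\win32k.sys
HKU\\S-1-5-21-633011263-2948650064-3403545423-1000\\...\\Run: [purpose] => C:\\Program Files\\doughboy\\purpose.exe [36766 2016-09-16] ()
Winsock: Catalog9 11 %windir%\\system32\\vsocklib.dll No File
Task: {077932AE-9A0A-47F5-837A-7E9D9AED4068} - \\runTask -> No File <==== ATTENTION
Task: {59B29496-6B90-4ADC-AD5C-39ABB3FD6087} - System32\\Tasks\\Da46260084626008 => C:\\Program Files\\exhibitor\\solari.exe [2016-09-16] ()
Task: C:\\Windows\\Tasks\\g8I4GWQFf.job => C:\\Users\\G\\AppData\\Roaming\\g8I4GWQFf.exe <==== ATTENTION
FirewallRules: [{137E99DD-0CC1-4D0C-98D6-343329AEF35A}] => (Allow) C:\\Users\\G\\AppData\\Local\\ddnowyes.exe
S2 BrsHelper; C:\\PROGRA~1\\YTDOWN~1\\BROWSE~2.EXE [X]
C:\\Windows\\explorer.exe => File is digitally signed
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:8}] {f.target}\n           {f.reason}")
```

The two Microsoft-signed lines in the sample come through clean; the other nine are exactly the entries the fixlist in this thread removes.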


#6 gazzer77

gazzer77
  • Topic Starter

  • Members
  • 10 posts

Posted 21 September 2016 - 02:41 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-09-2016
Ran by G (21-09-2016 14:47:34) Run:1
Running from C:\Users\G\Downloads
Loaded Profiles: G (Available Profiles: G & guest1 & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files\doughboy\purpose.exe
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [purpose] => C:\Program Files\doughboy\purpose.exe [36766 2016-09-16] ()
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\...\Run: [toyota] => C:\Program Files\exhibitor\solari.exe [75776 2016-09-16] ()
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-633011263-2948650064-3403545423-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: (No Name) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-08-13] [not signed]
FF Extension: (OneClickDownloader) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-24] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
Task: {077932AE-9A0A-47F5-837A-7E9D9AED4068} - \runTask -> No File <==== ATTENTION
Task: {0C830DDC-BDCA-4AA0-AC77-72974D1EDFE3} - \{A1D5762B-134C-4CF3-952E-492A0358536D} -> No File <==== ATTENTION
Task: {11AB4DFE-3FCD-450E-8B22-1E0662BD6C67} - \Advanced System Protector -> No File <==== ATTENTION
Task: {1393515B-587C-4905-A405-53561840ABDF} - \Opera scheduled Autoupdate 1385225668 -> No File <==== ATTENTION
Task: {1806D909-6AD5-4C3F-A590-20BEE50D7357} - \g8I4GWQFf -> No File <==== ATTENTION
Task: {24530D2C-80D4-485D-95BC-90F0191FBE44} - \YTDownloader -> No File <==== ATTENTION
Task: {26D054C7-33A6-43F9-9475-0FF149369FE4} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2D62C142-A9C3-40E3-845E-F949421CFF6E} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {31D23962-432D-4256-B127-63EDEC2A9089} - \{62ACE56A-E09B-46E6-8333-546D0FCE463B} -> No File <==== ATTENTION
Task: {461CB166-4B0F-465B-AEC5-BCFEA181AF69} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {4C397B70-8416-4D17-ADD3-C2268EFB0E7F} - \4626008 -> No File <==== ATTENTION
Task: {4E064F69-477F-43B7-9969-D0BB55BD6C1B} - \{04ABD085-35A7-4C39-9491-1DE619B47A9E} -> No File <==== ATTENTION
Task: {511FC749-4949-4596-B0B5-172A9C111919} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {584CCA69-F90A-4538-998E-F401D64335ED} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {59B29496-6B90-4ADC-AD5C-39ABB3FD6087} - System32\Tasks\Da46260084626008 => C:\Program Files\exhibitor\solari.exe [2016-09-16] ()
Task: {5B0BBEFB-8FE5-4788-8E2A-A7D98E187F1A} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {602AA141-4789-42C7-A7E4-BE70D1A210C8} - \CJwE8lX5MJFiS32Km9yxUAnnzZ -> No File <==== ATTENTION
Task: {7C78E3B0-1F9D-425D-80DA-C7DA116AC410} - \User_Feed_Synchronization-{F48F1E61-9147-46A5-AB8E-F3AD17622FEB} -> No File <==== ATTENTION
Task: {83D5EB8C-DF68-424D-B022-A9B8BAFFF04E} - \updateTask -> No File <==== ATTENTION
Task: {8981365B-4EDC-49B7-8921-F962BE59E95D} - \{67F2EB62-4D10-45A7-B349-B62B1CABF366} -> No File <==== ATTENTION
Task: {A43A282F-F149-47CC-85F7-D771A1375A38} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {A6BBE06F-66BB-4F6F-84FF-E2F1CF57302A} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A8A965BB-EE14-4899-80DE-27896AA0D2B9} - \{A3D5ED5B-2BBA-4FBA-A0D2-49A4C7EF472E} -> No File <==== ATTENTION
Task: {AB38A32D-6BB9-4B3F-8406-5288FAD00F9C} - \RnLSoHorKHAfsK -> No File <==== ATTENTION
Task: {B4B0C035-9F06-4B45-84D9-993191D5590E} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B6CF70C3-9121-415C-87FB-C2DF308CA40D} - \{24129308-5599-4FAC-AC9E-2EF2C2BAAD42} -> No File <==== ATTENTION
Task: {BBF936B2-C883-4314-88A4-ACD45D138608} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BF79606C-2CED-43FB-9A1F-F816CBAD16CA} - \RealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BF8FE9CE-C44A-451B-8347-FD8373C7B632} - \RealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000 -> No File <==== ATTENTION
Task: {BFBBCA6B-4A3B-4F92-8F49-F5E8095FD61D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {CCE6A4E9-8616-4CB7-A206-7AECE088BF33} - \MyBrowser -> No File <==== ATTENTION
Task: {D865D872-EED0-48E6-AB32-B01956C98583} - \bdKpr1qzAGe5LnaFfF9R -> No File <==== ATTENTION
Task: {F209427A-2B47-426E-BB84-4EEBB188D7E4} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: C:\Windows\Tasks\bdKpr1qzAGe5LnaFfF9R.job => C:\Users\G\AppData\Roaming\bdKpr1qzAGe5LnaFfF9R.exe <==== ATTENTION
Task: C:\Windows\Tasks\CJwE8lX5MJFiS32Km9yxUAnnzZ.job => C:\Users\G\AppData\Roaming\CJwE8lX5MJFiS32Km9yxUAnnzZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\g8I4GWQFf.job => C:\Users\G\AppData\Roaming\g8I4GWQFf.exe <==== ATTENTION
Task: C:\Windows\Tasks\RnLSoHorKHAfsK.job => C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe <==== ATTENTION
2016-09-16 13:41 - 2016-09-16 13:41 - 00036766 _____ () C:\Program Files\doughboy\purpose.exe
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
FirewallRules: [{137E99DD-0CC1-4D0C-98D6-343329AEF35A}] => (Allow) C:\Users\G\AppData\Local\ddnowyes.exe
FirewallRules: [{8EAF7512-CAD9-4EB9-867A-F2DC7B696687}] => (Allow) C:\Users\G\AppData\Local\Temp\installer1.exe
FirewallRules: [{F03F2F5B-7D97-4560-9E21-C17222A0D1B7}] => (Allow) C:\Users\G\AppData\Local\44761475.exe
FirewallRules: [{43EF963F-61AE-4487-AD03-BB17007E5AFD}] => (Allow) C:\Users\G\AppData\Local\tinstall.exe
FirewallRules: [{2FDBEAB3-2065-46AB-B79E-A98A8A2D2AFB}] => (Allow) C:\Program Files\exhibitor\solari.exe
S2 BrsHelper; C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\G\AppData\Local\Temp\catchme.sys [X]
S2 sbmntr; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys [X]
C:\Program Files\doughboy
C:\Program Files\exhibitor
C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com
C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\G\AppData\Roaming\bdKpr1qzAGe5LnaFfF9R.exe
C:\Users\G\AppData\Roaming\CJwE8lX5MJFiS32Km9yxUAnnzZ.exe
C:\Users\G\AppData\Roaming\g8I4GWQFf.exe
C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe
C:\Users\G\AppData\Local\ddnowyes.exe
C:\Users\G\AppData\Local\Temp\installer1.exe
C:\Users\G\AppData\Local\44761475.exe
C:\Users\G\AppData\Local\tinstall.exe
C:\Program Files\exhibitor\solari.exe

End

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files\doughboy\purpose.exe
C:\Program Files\doughboy\purpose.exe => No running process found
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\purpose => value removed successfully.
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\toyota => value removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" => key removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-633011263-2948650064-3403545423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-633011263-2948650064-3403545423-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => moved successfully
FF Extension: (No Name) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-08-13] [not signed] => not found
C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com => moved successfully
FF Extension: (OneClickDownloader) - C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-24] [not signed] => not found
C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077932AE-9A0A-47F5-837A-7E9D9AED4068}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077932AE-9A0A-47F5-837A-7E9D9AED4068}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C830DDC-BDCA-4AA0-AC77-72974D1EDFE3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C830DDC-BDCA-4AA0-AC77-72974D1EDFE3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1D5762B-134C-4CF3-952E-492A0358536D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11AB4DFE-3FCD-450E-8B22-1E0662BD6C67}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11AB4DFE-3FCD-450E-8B22-1E0662BD6C67}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1393515B-587C-4905-A405-53561840ABDF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1393515B-587C-4905-A405-53561840ABDF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1385225668" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1806D909-6AD5-4C3F-A590-20BEE50D7357}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1806D909-6AD5-4C3F-A590-20BEE50D7357}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\g8I4GWQFf" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24530D2C-80D4-485D-95BC-90F0191FBE44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24530D2C-80D4-485D-95BC-90F0191FBE44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26D054C7-33A6-43F9-9475-0FF149369FE4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26D054C7-33A6-43F9-9475-0FF149369FE4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D62C142-A9C3-40E3-845E-F949421CFF6E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D62C142-A9C3-40E3-845E-F949421CFF6E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31D23962-432D-4256-B127-63EDEC2A9089}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D23962-432D-4256-B127-63EDEC2A9089}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62ACE56A-E09B-46E6-8333-546D0FCE463B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{461CB166-4B0F-465B-AEC5-BCFEA181AF69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{461CB166-4B0F-465B-AEC5-BCFEA181AF69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C397B70-8416-4D17-ADD3-C2268EFB0E7F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C397B70-8416-4D17-ADD3-C2268EFB0E7F}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4626008 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E064F69-477F-43B7-9969-D0BB55BD6C1B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E064F69-477F-43B7-9969-D0BB55BD6C1B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04ABD085-35A7-4C39-9491-1DE619B47A9E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{511FC749-4949-4596-B0B5-172A9C111919}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{511FC749-4949-4596-B0B5-172A9C111919}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{584CCA69-F90A-4538-998E-F401D64335ED}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{584CCA69-F90A-4538-998E-F401D64335ED}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59B29496-6B90-4ADC-AD5C-39ABB3FD6087}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59B29496-6B90-4ADC-AD5C-39ABB3FD6087}" => key removed successfully.
C:\Windows\System32\Tasks\Da46260084626008 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Da46260084626008" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B0BBEFB-8FE5-4788-8E2A-A7D98E187F1A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B0BBEFB-8FE5-4788-8E2A-A7D98E187F1A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{602AA141-4789-42C7-A7E4-BE70D1A210C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{602AA141-4789-42C7-A7E4-BE70D1A210C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CJwE8lX5MJFiS32Km9yxUAnnzZ" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C78E3B0-1F9D-425D-80DA-C7DA116AC410}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C78E3B0-1F9D-425D-80DA-C7DA116AC410}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{F48F1E61-9147-46A5-AB8E-F3AD17622FEB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83D5EB8C-DF68-424D-B022-A9B8BAFFF04E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83D5EB8C-DF68-424D-B022-A9B8BAFFF04E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8981365B-4EDC-49B7-8921-F962BE59E95D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8981365B-4EDC-49B7-8921-F962BE59E95D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67F2EB62-4D10-45A7-B349-B62B1CABF366}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A43A282F-F149-47CC-85F7-D771A1375A38}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A43A282F-F149-47CC-85F7-D771A1375A38}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6BBE06F-66BB-4F6F-84FF-E2F1CF57302A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6BBE06F-66BB-4F6F-84FF-E2F1CF57302A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8A965BB-EE14-4899-80DE-27896AA0D2B9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8A965BB-EE14-4899-80DE-27896AA0D2B9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A3D5ED5B-2BBA-4FBA-A0D2-49A4C7EF472E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB38A32D-6BB9-4B3F-8406-5288FAD00F9C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB38A32D-6BB9-4B3F-8406-5288FAD00F9C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RnLSoHorKHAfsK" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4B0C035-9F06-4B45-84D9-993191D5590E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4B0C035-9F06-4B45-84D9-993191D5590E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6CF70C3-9121-415C-87FB-C2DF308CA40D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6CF70C3-9121-415C-87FB-C2DF308CA40D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24129308-5599-4FAC-AC9E-2EF2C2BAAD42}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBF936B2-C883-4314-88A4-ACD45D138608}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBF936B2-C883-4314-88A4-ACD45D138608}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF79606C-2CED-43FB-9A1F-F816CBAD16CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF79606C-2CED-43FB-9A1F-F816CBAD16CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-633011263-2948650064-3403545423-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF8FE9CE-C44A-451B-8347-FD8373C7B632}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8FE9CE-C44A-451B-8347-FD8373C7B632}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-633011263-2948650064-3403545423-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFBBCA6B-4A3B-4F92-8F49-F5E8095FD61D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBBCA6B-4A3B-4F92-8F49-F5E8095FD61D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCE6A4E9-8616-4CB7-A206-7AECE088BF33}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE6A4E9-8616-4CB7-A206-7AECE088BF33}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyBrowser => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D865D872-EED0-48E6-AB32-B01956C98583}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D865D872-EED0-48E6-AB32-B01956C98583}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bdKpr1qzAGe5LnaFfF9R" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F209427A-2B47-426E-BB84-4EEBB188D7E4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F209427A-2B47-426E-BB84-4EEBB188D7E4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully.
C:\Windows\Tasks\bdKpr1qzAGe5LnaFfF9R.job => moved successfully
C:\Windows\Tasks\CJwE8lX5MJFiS32Km9yxUAnnzZ.job => moved successfully
C:\Windows\Tasks\g8I4GWQFf.job => moved successfully
C:\Windows\Tasks\RnLSoHorKHAfsK.job => moved successfully
C:\Program Files\doughboy\purpose.exe => moved successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{137E99DD-0CC1-4D0C-98D6-343329AEF35A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8EAF7512-CAD9-4EB9-867A-F2DC7B696687} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F03F2F5B-7D97-4560-9E21-C17222A0D1B7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43EF963F-61AE-4487-AD03-BB17007E5AFD} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FDBEAB3-2065-46AB-B79E-A98A8A2D2AFB} => value removed successfully.
BrsHelper => service removed successfully.
blbdrive => service removed successfully.
catchme => service removed successfully.
sbmntr => service removed successfully.
C:\Program Files\doughboy => moved successfully
C:\Program Files\exhibitor => moved successfully
"C:\Users\G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com" => not found.
"C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\G\AppData\Roaming\bdKpr1qzAGe5LnaFfF9R.exe" => not found.
"C:\Users\G\AppData\Roaming\CJwE8lX5MJFiS32Km9yxUAnnzZ.exe" => not found.
"C:\Users\G\AppData\Roaming\g8I4GWQFf.exe" => not found.
"C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe" => not found.
"C:\Users\G\AppData\Local\ddnowyes.exe" => not found.
"C:\Users\G\AppData\Local\Temp\installer1.exe" => not found.
"C:\Users\G\AppData\Local\44761475.exe" => not found.
"C:\Users\G\AppData\Local\tinstall.exe" => not found.
"C:\Program Files\exhibitor\solari.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17062997 B
Java, Flash, Steam htmlcache => 6229 B
Windows/system/drivers => 203201026 B
Edge => 0 B
Chrome => 313359202 B
Firefox => 0 B
Opera => 108925299 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 6458758 B
LocalService => 133056 B
NetworkService => 60798422 B
G => 888541974 B
Jonathon Drake => 221724514 B
guest1 => 992884 B
Guest => 1997198 B

RecycleBin => 1023888 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:21:33 ====
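As an added example (not code from the thread, from FRST or from its author), here is a small parser for the Fixlog format above: it groups each target by the action FRST reported and flags scheduled-task names that look machine-generated, like the ones moved out of C:\Windows\Tasks. The sample log is constructed from lines of the posted Fixlog, and the randomness heuristic is an assumption of the example, not anything FRST does.

```python
"""Summarise an FRST Fixlog like the one posted above (added example,
not part of the thread or of FRST). It groups "<target> => <result>"
lines by action and flags task names that look machine-generated;
SAMPLE_FIXLOG is constructed from lines of the posted log."""
import re

LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<result>.+?)\.?\s*$')
TREE_RE = re.compile(r'\\Schedule\\TaskCache\\Tree\\(?P<task>[^\\]+)$')  # task name
JOB_RE = re.compile(r'\\Tasks\\(?P<task>[^\\]+)\.job$')  # legacy .job file name
# Order matters: "removed" contains "moved", so it is tested first.
ACTIONS = (('services', 'service removed'), ('removed', 'removed'),
           ('restored', 'restored'), ('moved', 'moved'), ('not_found', 'not found'))

SAMPLE_FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\g8I4GWQFf" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyBrowser => key not found.
C:\Windows\Tasks\bdKpr1qzAGe5LnaFfF9R.job => moved successfully
C:\Windows\Tasks\RnLSoHorKHAfsK.job => moved successfully
C:\Program Files\doughboy\purpose.exe => moved successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
BrsHelper => service removed successfully.
"C:\Users\G\AppData\Roaming\RnLSoHorKHAfsK.exe" => not found.
"""

def looks_random(name: str) -> bool:
    """Assumed heuristic for names like g8I4GWQFf or RnLSoHorKHAfsK: a bare
    alphanumeric token with digits wedged between letters or frequent case flips."""
    if not re.fullmatch(r'[A-Za-z0-9]{8,}', name):
        return False
    if len(re.findall(r'[A-Za-z]\d+(?=[A-Za-z])', name)) >= 2:
        return True
    letters = re.sub(r'\d', '', name)
    if len(letters) < 6:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips / (len(letters) - 1) >= 0.4

def parse_fixlog(text: str) -> dict:
    """Group Fixlog targets by what FRST did to them, plus suspicious task names."""
    out = {**{k: [] for k, _ in ACTIONS}, 'suspicious_tasks': []}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, EmptyTemp totals
        target, result = m.group('target'), m.group('result')
        for key, marker in ACTIONS:
            if marker in result:
                out[key].append(target)
                break
        task = TREE_RE.search(target) or JOB_RE.search(target)
        if task and looks_random(task['task']) and task['task'] not in out['suspicious_tasks']:
            out['suspicious_tasks'].append(task['task'])
    return out
```

Running `parse_fixlog` over a full Fixlog gives a quick checklist of what was actually cleaned versus what was already gone ("not found"), which is the first thing to compare against the original FRST scan.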



#7 gazzer77

  • Topic Starter
  • Members
  • 10 posts

Posted 21 September 2016 - 07:08 PM

Pop-ups are gone, I updated, shock, & Java.
Windows Update just keeps trying to connect, no go though.
Browser loads slowly.

#8 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 September 2016 - 10:24 AM

Microsoft updates may be trying to create a restore point.
Your restore point is corrupted.
Try to repair it.

This program will recreate the correct registry setting and re-register all VSS components. Please download the one of the programs below that matches your operating system (32 or 64 bit) to fix your problem:

VSSfix 32bit
http://updates.macrium.com/reflect/utilities/vssfix.exe

VSSfix 64bit
http://updates.macrium.com/reflect/utilities/vssfixx64.exe

You can right-click the exe file and run it as Administrator in normal mode and see if that solves the problem. If not, try running it in Safe Mode.

Keep me posted.

#9 gazzer77

  • Topic Starter
  • Members
  • 10 posts

Posted 22 September 2016 - 06:59 PM

It didn't work. I tried starting the system in Safe Mode. An "access denied" message says System Configuration cannot save the original boot configuration for later restoration. Boot changes will be reverted. Access denied.



#10 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 September 2016 - 09:22 AM

Windows Update issues - fixes recommended.

https://support.microsoft.com/en-ca/kb/2509997

===
Navigate to the link and execute Method 1: Run the Windows Update troubleshooter.
Download the troubleshooter tool and run it.

Let me know what you find.

#11 gazzer77

  • Topic Starter
  • Members
  • 10 posts

Posted 26 September 2016 - 10:12 AM

The computer is running slow, and I can't find a link to the fixit tool. Very frustrating.



#12 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 September 2016 - 01:00 PM

Refer to this article and select "Never check for updates":
http://www.addictivetips.com/windows-tips/how-to-disable-windows-vista-from-downloading-automatic-updates/

Restart the computer when done.


Any change?