Malware, adware issues [Solved]


#16 St3liz (Topic Starter, Member, 18 posts)

OK, here are the latest reports

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Lizbeth (administrator) on LIZBETH-PC on 06-04-2014 17:58:26
Running from C:\Users\Lizbeth\Desktop
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
() C:\Program Files\WinRST\WinRST.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-03-27] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-05-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\...\MountPoints2: {57ea5736-72d5-11e3-90d8-001d09c86600} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3896089956-457986621-1509175122-1304\...\MountPoints2: {57ea5736-72d5-11e3-90d8-001d09c86600} - "F:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-03-26] (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Pirrit Suggestor - C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\profiles\extensions\[email protected] [2014-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{26ec3b5b-aa6a-4247-9c59-9788deea28a2}] - C:\Program Files\BlockAndSurf Corp\158.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Extension: (Google Drive) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (YouTube) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (avast! Online Security) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Freemake Video Converter) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-04-04]
CHR Extension: ( MalaysiaBay Redirector) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdoddcdidelnlglppigljlmnkgafjjf [2013-02-08]
CHR Extension: (Google Wallet) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-02-13] (SupportSoft, Inc.)
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-06 17:58 - 2014-04-06 17:58 - 00010568 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-06 17:58 - 2014-04-06 17:58 - 00000000 ____D () C:\FRST
2014-04-06 17:56 - 2014-04-06 17:53 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 14:45 - 2014-04-06 14:51 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:44 - 2014-04-06 14:39 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:44 - 2014-04-06 14:38 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 12:44 - 2014-04-06 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:43 - 2014-04-06 15:01 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:45 - 2014-04-06 15:32 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-05 18:27 - 2014-04-05 18:24 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:27 - 2014-04-05 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:54 - 2014-04-04 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 16:53 - 2014-04-04 16:53 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\WinRST
2014-04-04 16:53 - 2014-04-04 16:53 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 16:50 - 2014-04-03 11:08 - 01176896 _____ (AnyProtect.com) C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
2014-04-04 16:01 - 2014-04-04 16:00 - 01176896 _____ (AnyProtect.com) C:\Users\Lizbeth\AppData\Local\nsk1CD.tmp
2014-04-04 15:59 - 2014-04-05 10:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-24 19:53 - 2014-04-06 17:58 - 00469388 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 19:51 - 2014-04-05 10:05 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 19:49 - 2014-04-05 14:19 - 00030060 _____ () C:\Windows\PFRO.log
2014-03-24 19:49 - 2014-04-05 10:33 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 18:53 - 2014-03-31 17:00 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-24 18:47 - 2014-04-06 15:54 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:21 - 2014-03-24 17:26 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 19:49 - 2014-03-26 13:07 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:44 - 2014-03-26 09:43 - 00000000 ____D () C:\lgvpcv
2014-03-22 11:43 - 1998-02-06 23:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
2014-03-07 11:51 - 2014-03-07 11:51 - 00000000 ____D () C:\Users\Lizbeth\Downloads\World War Z 2013.Unrated.1080p.BluRay.x264 . NVEE
2014-03-07 11:37 - 2014-03-07 11:37 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Turbo (2013) [1080p]
2014-03-07 11:32 - 2014-03-07 11:32 - 00000000 ____D () C:\Users\Lizbeth\Downloads\This Is the End (2013) [1080p]
2014-03-07 11:29 - 2014-03-07 11:29 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Premium Rush (2012)
2014-03-07 11:22 - 2013-10-14 20:24 - 1828397408 _____ () C:\Users\Lizbeth\Downloads\The.Croods.2013.1080p.BluRay.x264.anoXmous_.mp4
2014-03-07 11:12 - 2014-03-07 11:12 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Pacific Rim (2013) [1080p]
2014-03-07 11:06 - 2014-03-07 11:06 - 00000000 ____D () C:\Users\Lizbeth\Downloads\After.Earth.2013.1080p.BRRip.h264.AAC-RARBG
 
==================== One Month Modified Files and Folders =======
 
2014-04-06 17:58 - 2014-04-06 17:58 - 00010568 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-06 17:58 - 2014-04-06 17:58 - 00000000 ____D () C:\FRST
2014-04-06 17:58 - 2014-03-24 19:53 - 00469388 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 17:57 - 2006-11-02 11:33 - 00729376 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 17:53 - 2014-04-06 17:56 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 17:53 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 17:53 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 17:26 - 2012-12-03 08:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 17:13 - 2013-03-06 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 15:55 - 2012-12-03 08:47 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 15:54 - 2014-03-24 18:47 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-04-06 15:53 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 15:52 - 2006-11-02 14:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-06 15:32 - 2014-04-05 18:45 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 15:01 - 2014-04-06 12:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 15:01 - 2014-04-06 12:43 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 14:51 - 2014-04-06 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:39 - 2014-04-06 14:44 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:38 - 2014-04-06 14:44 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 13:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 18:24 - 2014-04-05 18:27 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:17 - 2014-04-05 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 14:19 - 2014-03-24 19:49 - 00030060 _____ () C:\Windows\PFRO.log
2014-04-05 14:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-04-05 13:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\SchCache
2014-04-05 13:04 - 2012-12-04 11:00 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-04-05 10:59 - 2014-04-04 15:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-04-05 10:33 - 2014-03-24 19:49 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 10:28 - 2008-03-26 23:29 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 10:05 - 2014-03-24 19:51 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 16:54 - 2014-04-04 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 16:54 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-04 16:53 - 2014-04-04 16:53 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\WinRST
2014-04-04 16:53 - 2014-04-04 16:53 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 16:52 - 2013-03-21 11:41 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Mozilla
2014-04-04 16:16 - 2013-03-06 14:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-04 16:16 - 2013-03-06 14:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-04 16:00 - 2014-04-04 16:01 - 01176896 _____ (AnyProtect.com) C:\Users\Lizbeth\AppData\Local\nsk1CD.tmp
2014-04-03 13:20 - 2013-04-14 18:31 - 00000000 ____D () C:\Users\Lizbeth\.umplayer
2014-04-03 13:19 - 2012-12-05 15:43 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\uTorrent
2014-04-03 11:08 - 2014-04-04 16:50 - 01176896 _____ (AnyProtect.com) C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
2014-03-31 17:00 - 2014-03-24 18:53 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-28 12:10 - 2013-04-14 18:33 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\MPlayer
2014-03-26 13:07 - 2014-03-22 19:49 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-26 09:43 - 2014-03-22 11:44 - 00000000 ____D () C:\lgvpcv
2014-03-24 19:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2014-03-24 19:12 - 2006-11-02 11:22 - 31195136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 19:11 - 2014-01-01 12:24 - 00000000 ____D () C:\Users\Steve
2014-03-24 18:52 - 2006-11-10 14:22 - 00000000 ____D () C:\Windows\Panther
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Samsung
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\Samsung
2014-03-24 18:13 - 2013-11-03 11:09 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-24 18:13 - 2008-03-26 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-24 17:59 - 2008-03-26 23:18 - 00000000 ____D () C:\Program Files\Dell
2014-03-24 17:57 - 2013-05-26 19:58 - 00000000 ____D () C:\Poker
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:26 - 2014-03-24 17:21 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-24 17:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-22 19:52 - 2012-12-02 22:33 - 00058368 _____ () C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
2014-03-15 16:47 - 2012-12-03 08:50 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-07 11:51 - 2014-03-07 11:51 - 00000000 ____D () C:\Users\Lizbeth\Downloads\World War Z 2013.Unrated.1080p.BluRay.x264 . NVEE
2014-03-07 11:37 - 2014-03-07 11:37 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Turbo (2013) [1080p]
2014-03-07 11:32 - 2014-03-07 11:32 - 00000000 ____D () C:\Users\Lizbeth\Downloads\This Is the End (2013) [1080p]
2014-03-07 11:29 - 2014-03-07 11:29 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Premium Rush (2012)
2014-03-07 11:12 - 2014-03-07 11:12 - 00000000 ____D () C:\Users\Lizbeth\Downloads\Pacific Rim (2013) [1080p]
2014-03-07 11:06 - 2014-03-07 11:06 - 00000000 ____D () C:\Users\Lizbeth\Downloads\After.Earth.2013.1080p.BRRip.h264.AAC-RARBG
 
Some content of TEMP:
====================
C:\Users\Lizbeth\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lizbeth\AppData\Local\Temp\Quarantine.exe
C:\Users\Lizbeth\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Lizbeth\AppData\Local\Temp\SpOrder.dll
C:\Users\Lizbeth\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-06 16:02
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Lizbeth at 2014-04-06 17:58:58
Running from C:\Users\Lizbeth\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
 
==================== Restore Points  =========================
 
01-04-2014 08:53:45 Windows Update
02-04-2014 08:56:03 Scheduled Checkpoint
03-04-2014 15:32:25 Scheduled Checkpoint
04-04-2014 09:28:43 Windows Update
04-04-2014 15:56:50 Windows Defender Checkpoint
05-04-2014 09:14:59 Removed Shopping Helper Smartbar
05-04-2014 09:24:31 Removed Hazard Perception 2004-2005
05-04-2014 09:28:04 Removed OutlookAddinSetup
05-04-2014 09:29:47 Removed Broadcom Management Programs.
05-04-2014 13:24:56 Removed Samsung Story Album Viewer
05-04-2014 13:26:37 Removed Samsung Story Album Viewer
05-04-2014 17:34:06 OTL Restore Point - 05/04/2014 18:34:06
06-04-2014 15:27:17 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2014-04-04 16:53 - 00008846 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
216.239.32.20 google.com 
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar 
216.239.32.20 google.com www.google.as 
216.239.32.20 google.com www.google.at 
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az 
216.239.32.20 google.com www.google.ba 
216.239.32.20 google.com www.google.com.bd 
216.239.32.20 google.com www.google.be 
216.239.32.20 google.com www.google.bf 
216.239.32.20 google.com www.google.bg 
216.239.32.20 google.com www.google.com.bh 
216.239.32.20 google.com www.google.bi 
216.239.32.20 google.com www.google.bj 
216.239.32.20 google.com www.google.com.bn 
216.239.32.20 google.com www.google.com.bo 
216.239.32.20 google.com www.google.com.br 
216.239.32.20 google.com www.google.bs 
216.239.32.20 google.com www.google.bt 
216.239.32.20 google.com www.google.co.bw 
 
There are 163 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3BFAA3E4-1E32-4748-A7F8-205A13A5A7C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {9A4158C0-8A82-49DC-8C18-1D18C3415FF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {9CEAD17D-797F-4932-ADC5-E7669E1387D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A73AB1FA-94FD-4506-A681-76D954BFEE56} - System32\Tasks\Wise Turbo Checker => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {CCF29A32-007F-4457-8560-5412064A2F0A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F01E673A-BC2E-4505-933D-7097EAB7F6C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-04-25 11:55 - 2007-04-25 11:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 17:25 - 2007-07-25 17:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2014-04-06 14:56 - 2014-04-06 08:37 - 02284032 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2007-04-27 09:34 - 2007-04-27 09:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2008-03-26 23:24 - 2008-03-26 23:24 - 00036352 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2014-04-04 16:53 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2008-03-27 06:59 - 2007-05-25 08:00 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (04/06/2014 03:55:40 PM) (Source: Service Control Manager) (User: )
Description: WinRST
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-06 15:53:13.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-06 15:09:55.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-06 14:53:53.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-06 12:34:13.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 17:52:04.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 16:10:04.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 16:10:04.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 16:10:04.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 16:10:04.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-05 16:10:04.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 2037.43 MB
Available physical RAM: 1162.88 MB
Total Pagefile: 4285.63 MB
Available Pagefile: 3314.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.43 GB) (Free:54.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.78 GB) NTFS
Drive f: (BYTE STORE) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

#17 Machiavelli (GeekU Moderator, 3,698 posts)
Hey,
hopefully FRST is able to get the nasty animals in your PC.

Step 1: FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2: FRST Scan
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Attached Files

#18 St3liz (Topic Starter, Member, 18 posts)

Hello again,

here are the new logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01

Ran by Lizbeth at 2014-04-07 18:02:57 Run:1
Running from C:\Users\Lizbeth\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\...\MountPoints2: {57ea5736-72d5-11e3-90d8-001d09c86600} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3896089956-457986621-1509175122-1304\...\MountPoints2: {57ea5736-72d5-11e3-90d8-001d09c86600} - "F:\WD Drive Unlock.exe" autoplay=true
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
ProxyServer: http=http://127.0.0.1:9880
FF Extension: Pirrit Suggestor - C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\profiles\extensions\[email protected] [2014-04-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()
C:\Program Files\WinRST
C:\Users\Lizbeth\AppData\Local\WinRST
C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe
C:\Users\Lizbeth\AppData\Local\nsk1CD.tmp
C:\Users\Lizbeth\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Lizbeth\AppData\Local\Temp\SpOrder.dll
C:\Users\Lizbeth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Lizbeth\AppData\Local\Temp\BackupSetup.exe
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600} => Key deleted successfully.
HKCR\CLSID\{57ea5736-72d5-11e3-90d8-001d09c86600} => Key not found.
HKU\S-1-5-21-3896089956-457986621-1509175122-1304\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ea5736-72d5-11e3-90d8-001d09c86600} => Key deleted successfully.
HKCR\CLSID\{57ea5736-72d5-11e3-90d8-001d09c86600} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Users\Lizbeth\AppData\Roaming\Mozilla\Firefox\profiles\extensions\[email protected] => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
WinRST => Unable to stop service
WinRST => Service deleted successfully.
C:\Program Files\WinRST => Moved successfully.
C:\Users\Lizbeth\AppData\Local\WinRST => Moved successfully.
C:\Users\Lizbeth\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
C:\Users\Lizbeth\AppData\Local\nsk1CD.tmp => Moved successfully.
C:\Users\Lizbeth\AppData\Local\Temp\ShoppinHelper2new2.exe => Moved successfully.
C:\Users\Lizbeth\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Lizbeth\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\Lizbeth\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Lizbeth (administrator) on LIZBETH-PC on 07-04-2014 18:13:43
Running from C:\Users\Lizbeth\Desktop
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-03-27] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-05-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-03-26] (Google)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{26ec3b5b-aa6a-4247-9c59-9788deea28a2}] - C:\Program Files\BlockAndSurf Corp\158.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Extension: (Google Drive) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (YouTube) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (avast! Online Security) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Freemake Video Converter) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-04-04]
CHR Extension: ( MalaysiaBay Redirector) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdoddcdidelnlglppigljlmnkgafjjf [2013-02-08]
CHR Extension: (Google Wallet) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-04]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-02-13] (SupportSoft, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-06] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-06 19:06 - 2014-04-06 19:06 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\AVAST Software
2014-04-06 19:01 - 2014-04-06 19:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 19:01 - 2014-04-06 19:01 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 17:58 - 2014-04-07 18:13 - 00009442 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-06 17:58 - 2014-04-07 18:13 - 00000000 ____D () C:\FRST
2014-04-06 17:56 - 2014-04-06 17:53 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 14:45 - 2014-04-06 14:51 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:44 - 2014-04-06 14:39 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:44 - 2014-04-06 14:38 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 12:44 - 2014-04-06 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:43 - 2014-04-06 15:01 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:45 - 2014-04-06 15:32 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-05 18:27 - 2014-04-05 18:24 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:27 - 2014-04-05 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:54 - 2014-04-07 18:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 15:59 - 2014-04-05 10:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-24 19:53 - 2014-04-07 18:09 - 00493301 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 19:51 - 2014-04-05 10:05 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 19:49 - 2014-04-06 19:05 - 00182724 _____ () C:\Windows\PFRO.log
2014-03-24 19:49 - 2014-04-05 10:33 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 18:53 - 2014-03-31 17:00 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-24 18:47 - 2014-04-07 18:06 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:21 - 2014-03-24 17:26 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 19:49 - 2014-03-26 13:07 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:44 - 2014-03-26 09:43 - 00000000 ____D () C:\lgvpcv
2014-03-22 11:43 - 1998-02-06 23:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 18:13 - 2014-04-06 17:58 - 00009442 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-07 18:13 - 2014-04-06 17:58 - 00000000 ____D () C:\FRST
2014-04-07 18:13 - 2013-03-06 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 18:10 - 2006-11-02 11:33 - 00729376 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 18:09 - 2014-03-24 19:53 - 00493301 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 18:06 - 2014-04-04 16:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-07 18:06 - 2014-03-24 18:47 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-04-07 18:06 - 2012-12-03 08:47 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 18:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 18:05 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:05 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:04 - 2006-11-02 14:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-07 18:02 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 19:26 - 2012-12-03 08:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 19:06 - 2014-04-06 19:06 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\AVAST Software
2014-04-06 19:05 - 2014-03-24 19:49 - 00182724 _____ () C:\Windows\PFRO.log
2014-04-06 19:01 - 2014-04-06 19:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 19:01 - 2014-04-06 19:01 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 19:01 - 2013-03-02 19:34 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 19:01 - 2013-03-02 19:34 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-06 19:01 - 2012-12-03 08:46 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-06 18:59 - 2012-12-03 00:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-06 18:58 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-04-06 17:53 - 2014-04-06 17:56 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 15:32 - 2014-04-05 18:45 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 15:01 - 2014-04-06 12:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 15:01 - 2014-04-06 12:43 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 14:51 - 2014-04-06 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:39 - 2014-04-06 14:44 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:38 - 2014-04-06 14:44 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 13:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 18:24 - 2014-04-05 18:27 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:17 - 2014-04-05 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 14:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-04-05 13:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\SchCache
2014-04-05 13:04 - 2012-12-04 11:00 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-04-05 10:59 - 2014-04-04 15:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-04-05 10:33 - 2014-03-24 19:49 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 10:28 - 2008-03-26 23:29 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 10:05 - 2014-03-24 19:51 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 16:52 - 2013-03-21 11:41 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Mozilla
2014-04-04 16:16 - 2013-03-06 14:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-04 16:16 - 2013-03-06 14:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 13:20 - 2013-04-14 18:31 - 00000000 ____D () C:\Users\Lizbeth\.umplayer
2014-04-03 13:19 - 2012-12-05 15:43 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\uTorrent
2014-03-31 17:00 - 2014-03-24 18:53 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-28 12:10 - 2013-04-14 18:33 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\MPlayer
2014-03-26 13:07 - 2014-03-22 19:49 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-26 09:43 - 2014-03-22 11:44 - 00000000 ____D () C:\lgvpcv
2014-03-24 19:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2014-03-24 19:12 - 2006-11-02 11:22 - 31195136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 19:11 - 2014-01-01 12:24 - 00000000 ____D () C:\Users\Steve
2014-03-24 18:52 - 2006-11-10 14:22 - 00000000 ____D () C:\Windows\Panther
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Samsung
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\Samsung
2014-03-24 18:13 - 2013-11-03 11:09 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-24 18:13 - 2008-03-26 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-24 17:59 - 2008-03-26 23:18 - 00000000 ____D () C:\Program Files\Dell
2014-03-24 17:57 - 2013-05-26 19:58 - 00000000 ____D () C:\Poker
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:26 - 2014-03-24 17:21 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-24 17:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-22 19:52 - 2012-12-02 22:33 - 00058368 _____ () C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
2014-03-15 16:47 - 2012-12-03 08:50 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Lizbeth\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-07 18:11
 
==================== End Of Log ============================
 
I ran it twice but no addition.txt file was produced. The internet is now working  :D  but the control panel is still not working as normal.

Edited by St3liz, 07 April 2014 - 12:44 PM.

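A small triage script for the Fixlog format shown in the post above, added here as an example (it is not FRST's code nor the helper's): it splits the fixlist from the result lines, classifies each result, flags anything that did not succeed (such as an "Unable to stop service" line) and lists fixlist file paths that never received a result line. The sample log, the service name ExampleSvc, the user name ExampleUser and every path in it are constructed for the example.

```python
"""Triage an FRST Fixlog.txt: pair each action with its outcome.

Added example, not FRST's own code. SAMPLE_FIXLOG is constructed in the
shape of a real Fixlog; its names and paths are placeholders.
"""
import re
from dataclasses import dataclass

# Constructed sample (not a real machine's log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by ExampleUser at 2014-04-07 18:02:57 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: http=http://127.0.0.1:9880
R2 ExampleSvc; C:\Program Files\ExampleSvc\ExampleSvc.exe [12345 2014-02-26] ()
C:\Program Files\ExampleSvc
C:\Users\ExampleUser\AppData\Local\Temp\dropper.tmp
C:\Users\ExampleUser\AppData\Local\Temp\leftover.exe
Hosts:
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
ExampleSvc => Unable to stop service
ExampleSvc => Service deleted successfully.
C:\Program Files\ExampleSvc => Moved successfully.
C:\Users\ExampleUser\AppData\Local\Temp\dropper.tmp => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====
"""


@dataclass
class Outcome:
    target: str
    result: str
    status: str  # "ok", "not_found" or "failed"


def split_sections(text: str):
    """Return (fixlist_entries, result_lines).

    The fixlist sits between the two '*****' marker lines; everything
    after the second marker is the result section.
    """
    lines = [ln.rstrip() for ln in text.splitlines()]
    markers = [i for i, ln in enumerate(lines) if ln.strip().startswith("*****")]
    if len(markers) < 2:
        raise ValueError("Fixlog markers not found")
    fixlist = [ln for ln in lines[markers[0] + 1:markers[1]] if ln.strip()]
    results = [ln for ln in lines[markers[1] + 1:] if ln.strip()]
    return fixlist, results


def classify(line: str) -> Outcome:
    """Map one result line to ok / not_found / failed."""
    target, sep, result = line.partition(" => ")
    if not sep:  # e.g. "Hosts was reset successfully." has no arrow
        target, result = line.split(" ", 1)[0], line
    result = result.strip()
    if "successfully" in result:
        status = "ok"
    elif "not found" in result.lower():
        status = "not_found"
    else:
        status = "failed"  # anything else, e.g. "Unable to stop service"
    return Outcome(target, result, status)


def triage(text: str) -> dict:
    """Summarise a Fixlog: counts, failed actions, unaccounted paths, reboot."""
    fixlist, results = split_sections(text)
    outcomes, reboot = [], False
    for line in results:
        if line.startswith("===="):  # "==== End of Fixlog ====" ends the section
            break
        if "needed a reboot" in line:
            reboot = True
            continue
        outcomes.append(classify(line))
    # Every plain file/folder entry in the fixlist should have a result line.
    paths = [e for e in fixlist if re.match(r"^[A-Za-z]:\\", e)]
    reported = {o.target for o in outcomes}
    return {
        "ok": sum(o.status == "ok" for o in outcomes),
        "not_found": sum(o.status == "not_found" for o in outcomes),
        "failed": [f"{o.target} => {o.result}" for o in outcomes if o.status == "failed"],
        "unaccounted": [p for p in paths if p not in reported],
        "reboot": reboot,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

A failed stop followed by a successful delete and a reboot line, as in the sample, is the pattern to confirm in the next scan: the service should be gone from the Services section once the machine has restarted.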

#19 Machiavelli (GeekU Moderator, 3,698 posts)
Hi! :)

Step 1: FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2: FRST Scan
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning FRST.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of the logs into your next post please.
Step 3: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 4: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > Uninstall a program):
    • ESET Online Scanner

Attached Files


  • 0

#20 St3liz (Topic Starter, Member, 18 posts)

Hi,

Here are the results. I was unable to download ESET as you described, as IE would not work correctly. It kept shutting down or would not accept the website address.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Lizbeth at 2014-04-08 18:22:25 Run:3
Running from C:\Users\Lizbeth\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
FF HKCU\...\Firefox\Extensions: [{26ec3b5b-aa6a-4247-9c59-9788deea28a2}] - C:\Program Files\BlockAndSurf Corp\158.xpi
2014-03-22 11:43 - 1998-02-06 23:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
 
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{26ec3b5b-aa6a-4247-9c59-9788deea28a2} => Value not found.
"C:\Windows\uninst.exe" => File/Directory not found.
 
==== End of Fixlog ====
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Lizbeth (administrator) on LIZBETH-PC on 08-04-2014 18:23:35
Running from C:\Users\Lizbeth\Desktop
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Macrovision Corporation) c:\program files\common files\installshield\updateservice\isuspm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-03-27] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-05-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3896089956-457986621-1509175122-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-03-26] (Google)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Extension: (Google Drive) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (YouTube) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (avast! Online Security) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Freemake Video Converter) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-04-04]
CHR Extension: ( MalaysiaBay Redirector) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdoddcdidelnlglppigljlmnkgafjjf [2013-02-08]
CHR Extension: (Google Wallet) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Lizbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-04]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-26] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-02-13] (SupportSoft, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-06] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-06 19:06 - 2014-04-06 19:06 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\AVAST Software
2014-04-06 19:01 - 2014-04-06 19:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 19:01 - 2014-04-06 19:01 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 17:58 - 2014-04-08 18:23 - 00009974 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-06 17:58 - 2014-04-08 18:23 - 00000000 ____D () C:\FRST
2014-04-06 17:56 - 2014-04-06 17:53 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 14:45 - 2014-04-06 14:51 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:44 - 2014-04-06 14:39 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:44 - 2014-04-06 14:38 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 12:44 - 2014-04-06 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:43 - 2014-04-06 15:01 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:45 - 2014-04-06 15:32 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-05 18:27 - 2014-04-05 18:24 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:27 - 2014-04-05 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:54 - 2014-04-07 18:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 15:59 - 2014-04-05 10:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-24 19:53 - 2014-04-08 17:37 - 00537882 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 19:51 - 2014-04-05 10:05 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 19:49 - 2014-04-06 19:05 - 00182724 _____ () C:\Windows\PFRO.log
2014-03-24 19:49 - 2014-04-05 10:33 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 18:53 - 2014-03-31 17:00 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-24 18:47 - 2014-04-08 09:13 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:21 - 2014-03-24 17:26 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 19:49 - 2014-03-26 13:07 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:44 - 2014-03-26 09:43 - 00000000 ____D () C:\lgvpcv
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
 
==================== One Month Modified Files and Folders =======
 
2014-04-08 18:23 - 2014-04-06 17:58 - 00009974 _____ () C:\Users\Lizbeth\Desktop\FRST.txt
2014-04-08 18:23 - 2014-04-06 17:58 - 00000000 ____D () C:\FRST
2014-04-08 18:12 - 2013-03-06 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 18:12 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 18:12 - 2006-11-02 13:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 17:37 - 2014-03-24 19:53 - 00537882 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 17:26 - 2012-12-03 08:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 15:26 - 2012-12-03 08:47 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 09:19 - 2006-11-02 11:33 - 00729376 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 09:13 - 2014-03-24 18:47 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Wise Care 365
2014-04-08 09:12 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 22:22 - 2006-11-02 14:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-07 18:06 - 2014-04-04 16:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-07 18:02 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 19:06 - 2014-04-06 19:06 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\AVAST Software
2014-04-06 19:05 - 2014-03-24 19:49 - 00182724 _____ () C:\Windows\PFRO.log
2014-04-06 19:01 - 2014-04-06 19:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 19:01 - 2014-04-06 19:01 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 19:01 - 2013-03-02 19:34 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 19:01 - 2013-03-02 19:34 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-06 19:01 - 2012-12-03 08:47 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-06 19:01 - 2012-12-03 08:46 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-06 18:59 - 2012-12-03 00:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-06 18:58 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-04-06 17:53 - 2014-04-06 17:56 - 01145856 _____ (Farbar) C:\Users\Lizbeth\Desktop\FRST.exe
2014-04-06 15:32 - 2014-04-05 18:45 - 00054600 _____ () C:\Users\Lizbeth\Desktop\OTL.Txt
2014-04-06 15:21 - 2014-04-06 15:21 - 00001142 _____ () C:\Users\Lizbeth\Desktop\JRT.txt
2014-04-06 15:08 - 2014-04-06 15:08 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 15:01 - 2014-04-06 15:01 - 00139232 _____ () C:\Windows\Minidump\Mini040614-02.dmp
2014-04-06 15:01 - 2014-04-06 12:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 15:01 - 2014-04-06 12:43 - 264801431 _____ () C:\Windows\MEMORY.DMP
2014-04-06 14:51 - 2014-04-06 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:39 - 2014-04-06 14:44 - 01016261 _____ (Thisisu) C:\Users\Lizbeth\Desktop\JRT.exe
2014-04-06 14:38 - 2014-04-06 14:44 - 01426178 _____ () C:\Users\Lizbeth\Desktop\AdwCleaner.exe
2014-04-06 13:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-06 12:44 - 2014-04-06 12:44 - 00139232 _____ () C:\Windows\Minidump\Mini040614-01.dmp
2014-04-06 12:42 - 2014-04-06 12:42 - 00000000 ____D () C:\_OTL
2014-04-05 18:48 - 2014-04-05 18:48 - 00018000 _____ () C:\Users\Lizbeth\Desktop\Extras.Txt
2014-04-05 18:26 - 2014-04-05 18:26 - 00000719 _____ () C:\Windows\setupact.log
2014-04-05 18:26 - 2014-04-05 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 18:24 - 2014-04-05 18:27 - 00000216 _____ () C:\Users\Lizbeth\Desktop\text.txt
2014-04-05 18:17 - 2014-04-05 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Lizbeth\Desktop\OTL.exe
2014-04-05 14:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-04-05 13:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\SchCache
2014-04-05 13:04 - 2012-12-04 11:00 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-04-05 10:59 - 2014-04-04 15:59 - 00000080 _____ () C:\Users\Lizbeth\AppData\Roaming\WB.CFG
2014-04-05 10:33 - 2014-03-24 19:49 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 10:28 - 2008-03-26 23:29 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 10:05 - 2014-03-24 19:51 - 00066368 _____ () C:\Users\Lizbeth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 16:52 - 2013-03-21 11:41 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Mozilla
2014-04-04 16:16 - 2013-03-06 14:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-04 16:16 - 2013-03-06 14:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 13:20 - 2013-04-14 18:31 - 00000000 ____D () C:\Users\Lizbeth\.umplayer
2014-04-03 13:19 - 2012-12-05 15:43 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\uTorrent
2014-03-31 17:00 - 2014-03-24 18:53 - 00000382 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-30 12:47 - 2014-03-30 12:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lizbeth\Downloads\UnityWebPlayer.exe
2014-03-28 12:10 - 2013-04-14 18:33 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\MPlayer
2014-03-26 13:07 - 2014-03-22 19:49 - 00000000 ____D () C:\ProgramData\Driving Test Success
2014-03-26 09:43 - 2014-03-22 11:44 - 00000000 ____D () C:\lgvpcv
2014-03-24 19:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help
2014-03-24 19:12 - 2006-11-02 11:22 - 31195136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-24 19:12 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-24 19:11 - 2014-03-24 19:11 - 00450560 _____ () C:\Users\Steve\NTUSER.rhk
2014-03-24 19:11 - 2014-01-01 12:24 - 00000000 ____D () C:\Users\Steve
2014-03-24 18:52 - 2006-11-10 14:22 - 00000000 ____D () C:\Windows\Panther
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Samsung
2014-03-24 18:17 - 2013-11-03 11:25 - 00000000 ____D () C:\Users\Lizbeth\AppData\Local\Samsung
2014-03-24 18:13 - 2013-11-03 11:09 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-24 18:13 - 2008-03-26 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-24 17:59 - 2008-03-26 23:18 - 00000000 ____D () C:\Program Files\Dell
2014-03-24 17:57 - 2013-05-26 19:58 - 00000000 ____D () C:\Poker
2014-03-24 17:54 - 2014-03-24 17:54 - 00000951 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-03-24 17:54 - 2014-03-24 17:54 - 00000000 ____D () C:\Program Files\Wise
2014-03-24 17:26 - 2014-03-24 17:26 - 00008704 _____ () C:\Users\Lizbeth\Documents\lizbeths CV.wps
2014-03-24 17:26 - 2014-03-24 17:21 - 00000294 _____ () C:\Users\Lizbeth\AppData\Roaming\wklnhst.dat
2014-03-24 17:21 - 2014-03-24 17:21 - 00000000 ____D () C:\Users\Lizbeth\AppData\Roaming\Template
2014-03-24 17:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-22 19:52 - 2012-12-02 22:33 - 00058368 _____ () C:\Users\Lizbeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 19:51 - 2014-03-22 19:51 - 00000000 ____D () C:\ProgramData\Hazard Perception Training
2014-03-22 11:45 - 2014-03-22 11:45 - 00000000 _____ () C:\Windows\PROTOCOL.INI
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-22 11:41 - 2014-03-22 11:41 - 00000000 __RSH () C:\IO.SYS
2014-03-15 16:47 - 2012-12-03 08:50 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Lizbeth\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-08 09:18
 
==================== End Of Log ============================
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/04/2014
Scan Time: 19:40:21
Logfile: MbAM.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.08.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows Vista
CPU: x86
File System: NTFS
User: Lizbeth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 242743
Time Elapsed: 59 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [669ac53bd32d8b75cbc39f6edb277e82], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Zekos.Patchedwv0, C:\Windows\System32\rpcss.dll, Replace-on-Reboot, [7b981222a257d076885bffb66f19b7ce], 
Trojan.Agent, C:\Users\Lizbeth\AppData\Local\Temp\services.exe.mui, Quarantined, [926e9868728e56aa76c56c1bc63d1de3], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#21 Machiavelli (GeekU Moderator, 3,698 posts)

OK, then try it with Chrome:

ESET Online Scanner:

Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the Google Chrome icon in the Start Menu or the Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan...
  • In the window that now appears called Launch ESET Online Scanner
  • Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
  • Then in the lower left hand corner of the browser window double click on esetgc1.jpg >> follow the prompts
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 1

#22 Machiavelli (GeekU Moderator, 3,698 posts)

Are you still with me?
  • 0

#23 St3liz (Topic Starter, Member, 18 posts)

Yes, sorry, work and wife commitments have been keeping me busy.

Here is the ESET log:

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ca13b580d6a84c4088dae1c29f9bc143
# engine=17856
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-12 06:49:10
# local_time=2014-04-12 07:49:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=774 16777213 85 76 477847 6890284 0 0
# compatibility_mode=5892 16776573 100 100 60350 234818078 0 0
# scanned=100874
# found=6
# cleaned=0
# scan_time=3001
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=A8D4FCF682CC517EB03E5F143DC258884D3E681D ft=1 fh=7b2df0ecb11bcf8b vn="a variant of Win32/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Lizbeth\AppData\Local\Temp\ShoppinHelper2new2.exe.xBAD"
sh=584E2DB71E73635D3770D1A24AF23E80C21D1105 ft=1 fh=e6985f0ed4d12cee vn="a variant of MSIL/DomaIQ.X potentially unwanted application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\jki2090.tmp"
sh=1A9C2CE8C1F539AC8546D67C9F924AEA8D2A84C2 ft=1 fh=d348c3328e970e39 vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\ac8425f8-b6f6-4ad2-88a4-71f70bc4e6e9\software\Cloud_Backup_Setup.exe"
sh=E441FE59C255C57681ACA6CC5F841A6723DCC346 ft=1 fh=a1518a739dd3ff35 vn="Win32/SpeedingUpMyPC.I application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\ac8425f8-b6f6-4ad2-88a4-71f70bc4e6e9\software\OptimizerPro.exe"
sh=12F8CB7B22FD44CD79C46E1252054172699C8820 ft=1 fh=59346d63341a52ea vn="multiple threats" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\{C0D18640-F9AF-4E23-B6A1-F139A7157782}\setup.exe"

  • 0
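As an added example for this thread (not code from the original posts, from ESET or from Geeks to Go), here is a small Python parser for the ESET Online Scanner text log format shown in the post above: "# key=value" header lines followed by one "sh=... ft=... fh=... vn=... ac=... fn=..." line per finding. The sample log is assembled from the header and finding lines posted above. The one assumption of my own is the quarantine heuristic: a hit under a folder named Quarantine (where AdwCleaner and FRST put the items they removed) is treated as an already-neutralised copy rather than a live file, so a helper can separate leftovers that still need action from detections of old quarantine contents.

```python
import re
from dataclasses import dataclass, field

# One key=value pair; values with spaces are double-quoted and, in this log
# format, never contain a double quote themselves.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class EsetLog:
    header: dict = field(default_factory=dict)    # "# key=value" lines
    findings: list = field(default_factory=list)  # one dict per "sh=..." line


def parse_eset_log(text: str) -> EsetLog:
    """Split an ESET Online Scanner log into header pairs and finding records."""
    log = EsetLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            body = line[1:].strip()
            if "=" in body:
                key, value = body.split("=", 1)
                log.header[key.strip()] = value.strip()
            continue
        if line.startswith("sh="):
            record = {}
            for m in PAIR_RE.finditer(line):
                record[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            log.findings.append(record)
        # other lines (e.g. the "all ok" banner) carry no structured data
    return log


def is_quarantined(path: str) -> bool:
    """Assumption of this example: AdwCleaner and FRST keep removed items under a
    folder named Quarantine, so a hit there is a neutralised copy, not a live file."""
    return "\\quarantine\\" in path.lower()


def summarize_eset(text: str) -> dict:
    """Reduce the log to the numbers and paths a helper actually looks at."""
    log = parse_eset_log(text)
    paths = [f.get("fn", "") for f in log.findings]
    found = int(log.header.get("found", "0"))
    return {
        "scanned": int(log.header.get("scanned", "0")),
        "found": found,
        "cleaned": int(log.header.get("cleaned", "0")),
        # remove_checked=false: the scan reported only and deleted nothing
        "report_only": log.header.get("remove_checked") == "false",
        # the header count should equal the number of sh= records
        "consistent": found == len(log.findings),
        "live": [p for p in paths if not is_quarantined(p)],
        "quarantined": [p for p in paths if is_quarantined(p)],
    }


# Header and finding lines taken from the log posted above in this thread.
SAMPLE_LOG = r"""
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=100874
# found=6
# cleaned=0
# scan_time=3001
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=A8D4FCF682CC517EB03E5F143DC258884D3E681D ft=1 fh=7b2df0ecb11bcf8b vn="a variant of Win32/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Lizbeth\AppData\Local\Temp\ShoppinHelper2new2.exe.xBAD"
sh=584E2DB71E73635D3770D1A24AF23E80C21D1105 ft=1 fh=e6985f0ed4d12cee vn="a variant of MSIL/DomaIQ.X potentially unwanted application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\jki2090.tmp"
sh=1A9C2CE8C1F539AC8546D67C9F924AEA8D2A84C2 ft=1 fh=d348c3328e970e39 vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\ac8425f8-b6f6-4ad2-88a4-71f70bc4e6e9\software\Cloud_Backup_Setup.exe"
sh=E441FE59C255C57681ACA6CC5F841A6723DCC346 ft=1 fh=a1518a739dd3ff35 vn="Win32/SpeedingUpMyPC.I application" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\ac8425f8-b6f6-4ad2-88a4-71f70bc4e6e9\software\OptimizerPro.exe"
sh=12F8CB7B22FD44CD79C46E1252054172699C8820 ft=1 fh=59346d63341a52ea vn="multiple threats" ac=I fn="C:\Users\Lizbeth\AppData\Local\Temp\{C0D18640-F9AF-4E23-B6A1-F139A7157782}\setup.exe"
"""


if __name__ == "__main__":
    for key, value in summarize_eset(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints the summary. On the posted log the useful signal is the "live" list: two of the six hits are inside the AdwCleaner and FRST quarantine folders, while four are still sitting under the user's Temp folder, which is what the Temp cleanup in the next post addresses. The "consistent" flag is a cheap sanity check that the pasted log was not truncated when it was copied into the reply.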

#24 Machiavelli (GeekU Moderator, 3,698 posts)

Hey, the malware is gone. We will now fix the other problems.

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Users\Lizbeth\AppData\Local\Temp\jki2090.tmp
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: Windows Repair All In One
  • Please download Windows Repair from here
  • Right click on the Installer and select Run as Administrator - then install the program
  • Right click on the Windows Repair All-in-one icon and select Run as Administrator
  • You will see a screen like that below:
lcqgqjaq.png
  • Please move to the tab called Step3: Optional. The picture below shows what the screen should look like:
h77xsqx5.png
  • Please click on Do It and wait until it is finished.
  • Please move to the tab Step 4 and, under Registry Backup, click BackUp - this will make a registry backup of your computer. Also let it create a System Restore point by clicking the Create button under the System Restore section.
  • Then move to the tab Start Repairs - you will see a screen like below:
yfpbt3hs.png
  • Please click on Start - this will open a new screen.
  • Select the following items and tick "restart system when finished" (check the same items as in the picture below):
qzd34qji.png
  • Then click Start and the scan/fix will begin.
  • The PC will reboot - if not, please reboot it manually.
Step 3: Question

How is your PC running?
  • 1

#25
St3liz

St3liz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi,

 

OK, all scans have been run. There is still an issue with the functionality of the uninstall/repair buttons missing in control panel. The computer is a bit slow to boot up (it was before) and when the internet is first accessed there can be a lag of several minutes waiting for websites to load. This seems to improve after a few websites. Other than that it seems to be OK, thanks.


  • 0

#26
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hello,

I'd like to check the services and do a quick rootkit scan. If the results are clean we will search for corrupted files via System File Checker (SFC).

Step 1: Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the FSS icon and select Run as Administrator).
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
Step 2: ASWMBR

Please download aswMBR from one of the links below and save it to your Desktop.


Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • 1

#27
St3liz

St3liz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi,

 

Farbar Service Scanner Version: 25-02-2014
Ran by Lizbeth (administrator) on 14-04-2014 at 17:33:41
Running from "C:\Users\Lizbeth\Downloads"
Microsoft® Windows Vista™ Home Premium   (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-12-03 09:24] - [2012-12-03 09:24] - 0818688 ____A (Microsoft Corporation) 2C1F7005AA3B62721BFDB307BD5F5010
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll
[2012-12-03 09:24] - [2012-12-03 09:24] - 0317440 ____A (Microsoft Corporation) 96B73CC64BD905EA6CC4E44384ABD8C9
 
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2006-11-02 10:14] - [2006-11-02 10:46] - 1568256 ____A (Microsoft Corporation) 9397D21939A25DA1BD0ED8DB5BB3C853
 
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2012-12-03 09:25] - [2012-12-03 09:25] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F
 
 
 
**** End of log ****
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-14 17:37:24
-----------------------------
17:37:24.094    OS Version: Windows 6.0.6000 
17:37:24.094    Number of processors: 1 586 0x1601
17:37:24.101    ComputerName: LIZBETH-PC  UserName: Lizbeth
17:37:24.619    Initialize success
17:37:27.579    AVAST engine defs: 14041401
17:39:09.503    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:39:09.508    Disk 0 Vendor: ST916082 3.CD Size: 152627MB BusType: 3
17:39:09.652    Disk 0 MBR read successfully
17:39:09.655    Disk 0 MBR scan
17:39:09.661    Disk 0 Windows VISTA default MBR code
17:39:09.664    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      117 MB offset 63
17:39:09.678    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 241664
17:39:09.693    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       139707 MB offset 21213184
17:39:09.698    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 307335168
17:39:09.743    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 307337216
17:39:09.750    Disk 0 scanning sectors +312578048
17:39:09.855    Disk 0 scanning C:\Windows\system32\drivers
17:39:20.946    Service scanning
17:39:53.079    Modules scanning
17:40:04.650    Disk 0 trace - called modules:
17:40:06.589    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
17:40:06.597    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852215c0]
17:40:06.603    3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x851c2030]
17:40:09.639    AVAST engine scan C:\Windows
17:40:11.453    AVAST engine scan C:\Windows\system32
17:42:36.369    AVAST engine scan C:\Windows\system32\drivers
17:42:57.399    AVAST engine scan C:\Users\Lizbeth
17:46:08.601    AVAST engine scan C:\ProgramData
17:49:36.986    Scan finished successfully
17:50:57.710    Disk 0 MBR has been saved successfully to "C:\Users\Lizbeth\Desktop\MBR.dat"
17:50:57.710    The log file has been saved successfully to "C:\Users\Lizbeth\Desktop\aswMBR.txt"
 
 

  • 1
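The FSS log above lists every checked system file either as "=> MD5 is legit" or followed by a detail line carrying the file's own MD5. The parser below is an added example (not part of the thread or of FSS) that pulls out the unverified entries so they can be compared against a vendor hash list or handed to SFC; it runs over a constructed excerpt in the same layout, and naming the two bracketed timestamps created/modified is an assumption.

```python
import re
from typing import Dict, List

# Constructed excerpt in the layout of the FSS "File Check" section posted above.
FSS_EXCERPT = r"""
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-12-03 09:24] - [2012-12-03 09:24] - 0818688 ____A (Microsoft Corporation) 2C1F7005AA3B62721BFDB307BD5F5010

C:\Windows\system32\wuaueng.dll
[2006-11-02 10:14] - [2006-11-02 10:46] - 1568256 ____A (Microsoft Corporation) 9397D21939A25DA1BD0ED8DB5BB3C853
C:\Windows\system32\qmgr.dll => MD5 is legit
**** End of log ****
"""

# Detail line FSS prints under a file whose hash it could not verify: two bracketed
# timestamps (assumed here to be created/modified), size, attributes, company, MD5.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
LEGIT_SUFFIX = " => MD5 is legit"


def parse_file_check(log: str) -> List[Dict[str, object]]:
    """One record per file in the File Check section, in log order."""
    lines = [ln.strip() for ln in log.splitlines()]
    records: List[Dict[str, object]] = []
    i = lines.index("File Check:") + 2 if "File Check:" in lines else len(lines)
    while i < len(lines) and not lines[i].startswith("****"):
        line = lines[i]
        i += 1
        if not line:
            continue
        if line.endswith(LEGIT_SUFFIX):      # hash matched FSS's known-good list
            records.append({"path": line[: -len(LEGIT_SUFFIX)], "verified": True})
            continue
        rec: Dict[str, object] = {"path": line, "verified": False}
        m = DETAIL_RE.match(lines[i]) if i < len(lines) else None
        if m:                                # keep the reported details for triage
            rec.update(m.groupdict())
            i += 1
        records.append(rec)
    return records


def unverified(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Files FSS could not match; the ones to check by hand (SFC, vendor hash lists)."""
    return [r for r in records if not r["verified"]]
```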

#28
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey,

Step 1: SFC Scan
  • Click on the Start button and, in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When the command prompt opens, copy and paste the following command into it and press Enter

    sfc /scannow

Step 2: Export CBS folder
  • Click the Start button, then click Computer.
  • Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  • Find and double click on the Logs folder.
  • Right-click on the CBS folder, and select Copy.
  • Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  • Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  • A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.
  • Attach this to your next post please. If it is too big, please use an alternative uploading method then send me the link (Dropbox, SkyDrive, SendSpace etc.).

  • 1

#29
St3liz

St3liz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi,

 

Here are the results. The first scan stopped after 25% and the CMD window stated 'Windows Resource Protection could not perform the requested operation' and a window appeared stating 'Windows Module Installer stopped working and was closed'.

Attached Files

  • Attached File  CBS.zip   47.51KB   39 downloads

  • 0

#30
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hello,
Please follow these steps here to perform a Repair Install.
  • 1
