V-bates-Trovi-DuckDuckGo [Solved]


  • This topic is locked

#16
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the Fixlog Txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Owner at 2014-05-23 15:34:28 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0FA78865-6ED5-46EF-8410-A6F906810811} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
C:\Program Files (x86)\Ask.com
2014-05-12 17:15 - 2014-05-15 15:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\ProgramData\Avg
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-17 00:40 - 2014-05-16 19:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-17 00:34 - 2012-04-19 21:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-17 08:30 - 2012-05-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
End
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FA78865-6ED5-46EF-8410-A6F906810811} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FA78865-6ED5-46EF-8410-A6F906810811} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 => Key deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Windows\system32\bootdelete.exe => Moved successfully.
C:\ProgramData\Avg => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
C:\ProgramData\MFAData => Moved successfully.
C:\Program Files (x86)\VS Revo Group => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Movie Maker 2.6 => Moved successfully.
 
==== End of Fixlog ====
 
And thank you for the link to GeekU!  :thumbsup:

  • 0



#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

And thank you for the link to GeekU! :thumbsup:


You're quite welcome. :)

Let's run some scans and see if there are any remnants lurking and check for out of date programs. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#18
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

What version of Mbam do you have? Mine doesn't look like yours and I don't have 'protection and protection' or 'scan for rootkits'. Mine is 1.75.0.1300.


  • 0

#19
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

What version of Mbam do you have? Mine doesn't look like yours and I don't have 'protection and protection' or 'scan for rootkits'. Mine is 1.75.0.1300.


This is a new version they released not long ago. It's Version 2.0.1.1004. :thumbsup:
  • 0

#20
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I found a download for Malwarebytes anti rootkit beta 'removes and repairs rootkits' should I d/l it??  :D


  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I found a download for Malwarebytes anti rootkit beta 'removes and repairs rootkits' should I d/l it??  :D


No, just the Malwarebytes Anti-Malware at this time. :)
  • 0

#22
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I can't find a good link to d/l it and the one I have won't upgrade to that one. :/


  • 0

#23
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Do you have the paid version of MBAM or the freeware version? The link I provided has a link at the top of the page to download the new free version or the paid one. If you have either version, you can uninstall it first, then download the new version and install it. :thumbsup:
  • 0

#24
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I have the free one. I'll go uninstall that one and d/l the one from the link, then I'll be off to do the other instructions. 


  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I have the free one. I'll go uninstall that one and d/l the one from the link, then I'll be off to do the other instructions.

:thumbsup:
  • 0



#26
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Oh god I was loading the bookmark for this page, and the screen jumped while I was trying to click into this box to type in, and I {{think}} that I clicked on report....ack! I sure hope not!  :no: I hope that I would have gotten another box asking me something. But I didn't. 

 

I was going to tell you that every time I restart the computer now, a tiny window appears in the upper left corner and stays there for maybe 2 seconds, and at the top it says "DSD-3004 not responding". But the number is never the same. Once it was 2952. Once it was 2964. So yea I'm not sure what that is but I'm off to start the instructions with the new mbam.


  • 0

#27
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Oh god I was loading the bookmark for this page, and the screen jumped while I was trying to click into this box to type in, and I {{think}} that I clicked on report....ack! I sure hope not!  :no: I hope that I would have gotten another box asking me something. But I didn't. 
 
I was going to tell you that every time I restart the computer now, a tiny window appears in the upper left corner and stays there for maybe 2 seconds, and at the top it says "DSD-3004 not responding". But the number is never the same. Once it was 2952. Once it was 2964. So yea I'm not sure what that is but I'm off to start the instructions with the new mbam.


No worries, if you did click Report, it would have popped up another box asking why you are reporting this topic. :thumbsup:

As for the DSD error, that's probably Dell System Detect, and you can uninstall that after completing the previous steps. It's easily downloadable if needed again. :)
  • 0

#28
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Okie dokie. Thank you. Still scanning with mbam. Be back in a while.


  • 0

#29
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Okie dokie. Thank you. Still scanning with mbam. Be back in a while.

:thumbsup:
  • 0

#30
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

ESET LOG:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7a5ff433f8c254eb3a63eb0d70e2c28
# engine=18390
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-24 12:57:45
# local_time=2014-05-23 05:57:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 74 0 703105 0 0
# compatibility_mode=5893 16776573 100 94 0 152436515 0 0
# scanned=133984
# found=1
# cleaned=0
# scan_time=3230
sh=90A8A1543C5824343825D17AD63759D57F32DC40 ft=1 fh=580f0ecd7cd173d8 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Support\SIWPortable\SIWPortable.exe"
 
MBAM Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 4:30:35 PM
Logfile: mbamtxt.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.23.12
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295251
Time Elapsed: 13 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Now moving on to SecurityCheck...
 

  • 0
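
A helper reviewing an ESET Online Scanner log like the one posted above can check mechanically that the scan finished, that it was run with the options requested in Step 2, and which files were flagged. The following is an added example, not part of the original thread and not ESET's own tooling; it assumes the `*_checked` header keys correspond to the checkboxes named in Step 2, treats detection lines as plain key=value pairs, and runs on a constructed sample with placeholder values.

```python
import re

# Options requested in Step 2, written as the header keys seen in the log.
# Assumption: each *_checked key mirrors the checkbox of the same name.
EXPECTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Constructed sample in the shape of the posted log (placeholder values).
SAMPLE_LOG = '''\
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 vn="Example.Detection potentially unsafe application" ac=I fn="C:\\Tools\\example.exe"
'''

def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value  # a repeated key keeps its last value
        elif re.match(r"\w+=", line):
            # Detection line: key=value or key="quoted value" pairs.
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
            detections.append({k: v.strip('"') for k, v in pairs})
    return header, detections

def review(text):
    """List deviations from the requested scan options, plus detections."""
    header, detections = parse_eset_log(text)
    problems = [f"{k}: expected {want}, got {header.get(k)}"
                for k, want in EXPECTED.items() if header.get(k) != want]
    if header.get("end") != "finished":
        problems.append("scan did not finish")
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(detections):
        problems.append("found count does not match detection lines")
    return problems, detections
```
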





