
hp not booting up, ran a farbar recovery scan and got log what to do n


  • This topic is locked

#31
tics


Maybe I pasted the wrong stuff?




#32
Naathim

Hi :)

Let's try to do it another way.



Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

Please download the attached registry fix file and save it to your desktop:
Attached File  fix.reg   186bytes   479 downloads

Now we need to import the file into the registry.
  • Locate the fix.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.
After this please manually reboot your machine. No report will be generated.


Scan with Farbar Service Scanner

Please re-run Farbar Service Scanner.
  • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
Please include that log in your next reply.


Cheers,
Naat :)

#33
tics


Successful merge, and here's the log

 

 

 

Farbar Service Scanner Version: 10-06-2014
Ran by Vincia M. Blaise (administrator) on 15-07-2014 at 22:42:31
Running from "C:\Users\Vincia M. Blaise\Desktop\tica fixing tools"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#34
Naathim


Hi :)
 
FSS indicates that the key is still missing. Let's try to do it from the safe mode.

There won't be any internet access there, so save or print out these instructions.


Boot into Safe Mode

Reboot your machine and start tapping F8 key repeatedly.
You should see Advanced Boot Menu with a couple of options.

  • Please select Safe Mode and press Enter

You should get the access to your desktop, however icons will be big and screen will appear a little strange. It's normal.


Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

We need to import the file into the registry.

  • Locate the fix.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. No report will be generated.


Scan with Farbar Service Scanner

Please re-run Farbar Service Scanner.

  • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.

Please include that log in your next reply.


Cheers,
Naat :)



#35
tics


Farbar Service Scanner Version: 10-06-2014
Ran by Vincia M. Blaise (administrator) on 16-07-2014 at 13:08:45
Running from "C:\Users\Vincia M. Blaise\Desktop\tica fixing tools"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#36
Naathim


Hi :)

Couple of last scans. Any other issues? Give me an update about your machine's behavior.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.



#37
tics

Ok, so the machine seems to be running well; I don't have any known probs. The Malwarebytes log I can't get exported; every time I try, it crashes the program and shuts down. Will upload the online scanner log shortly. I ran it through the night; it took so long I fell asleep, so I don't know if it kept running and was complete; however, I have a log.

#38
tics


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=766067336f777a4ba87fbc4a2dff865b
# engine=19232
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-18 04:21:42
# local_time=2014-07-18 12:21:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157200752 0 0
# scanned=423
# found=0
# cleaned=0
# scan_time=39
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=766067336f777a4ba87fbc4a2dff865b
# engine=19232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-18 07:20:40
# local_time=2014-07-18 03:20:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157211490 0 0
# scanned=394470
# found=34
# cleaned=0
# scan_time=10419
sh=75DAD45F312B0B0CAD55AC644D738F763BC60514 ft=1 fh=08989222cdc5d813 vn="Win32/Toolbar.Zugo.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\StartNow Toolbar\search_protect.exe"
sh=4263A7CF345207583170FCD010DFA47A4DE1CDF8 ft=1 fh=c946422de7e22604 vn="Win32/Toolbar.Zugo.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe"
sh=3729386258B989C278C37DCD600BCA349FB4057C ft=1 fh=c71c001109746933 vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll"
sh=F40D32CC5FB2CD3466E3D28BECDF178386092048 ft=1 fh=bacd39f5809fb604 vn="a variant of Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe"
sh=DB8114DCBDF3B52472DF541C98ED6EA4CECB5D10 ft=1 fh=310d710fc0dc7084 vn="Win32/TrojanClicker.Agent.NRE trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\UBxBTSw5.exe.xBAD"
sh=DB8114DCBDF3B52472DF541C98ED6EA4CECB5D10 ft=1 fh=310d710fc0dc7084 vn="Win32/TrojanClicker.Agent.NRE trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Vincia M. Blaise\AppData\Local\Temp\124kkk290347.exe.xBAD"
sh=9195C57CDB2094BCF7292D4F8B0AFC36C86D5320 ft=1 fh=2e61b4d06ed7e539 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\Vincia M. Blaise\AppData\Local\Temp\ApnStub.exe.xBAD"
sh=4C7EE04176DA399A5A80402FBBCCBA8C58E5F383 ft=1 fh=3e58fcead898a3fd vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\Vincia M. Blaise\AppData\Local\Temp\setup.exe.xBAD"
sh=33BCD5C7BEDA1B083CCF27466BCC560E2A17E2EF ft=1 fh=bbc222561b9cf701 vn="Win64/Sirefef.W trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\n"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\00000004.@"
sh=1BE8D19F044D98320BBB7A0942924735233BCD26 ft=1 fh=1a64171e126b0516 vn="Win64/Agent.BA trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\00000008.@"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\000000cb.@"
sh=5492F7AD4D9E77F298514B97E75BB337D67C02C7 ft=1 fh=e59acdb46a64a0cc vn="Win64/Sirefef.AP trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\80000000.@"
sh=A4E1F6CA85F73420B775F6FD081108790DE4A01B ft=1 fh=4b259d6914b9814f vn="Win32/Sirefef.FD trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\80000032.@"
sh=A6F65CB2D9F278FA0E8F6141C5D8A78CA8C5B227 ft=1 fh=51e605038d2eb4c0 vn="Win64/Sirefef.AN trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\80000064.@"
sh=33BCD5C7BEDA1B083CCF27466BCC560E2A17E2EF ft=1 fh=bbc222561b9cf701 vn="Win64/Sirefef.W trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\n"
sh=A1ACE34F7A61F7B1DA1227288871A9A1773860E5 ft=1 fh=4e1a7f1885a299ba vn="Win64/Olmarik.AH trojan" ac=I fn="C:\ProgramData\Microsoft\Windows\DRM\4E.tmp"
sh=BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 ft=1 fh=c98886797a059119 vn="Win32/Olmarik.AYI trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0000.dta"
sh=F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE ft=1 fh=25399a82da0a3c13 vn="Win64/Olmarik.AK trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0001.dta"
sh=B6A8387A82AE5B7E732B04484690E5CAA8DA5DBC ft=1 fh=2c58b8eef57af58c vn="Win32/Olmarik.AYH trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0002.dta"
sh=297CA0907D08374145FBBF4836BF6209946926B2 ft=1 fh=fe6583c741449090 vn="Win64/Olmarik.AL trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0003.dta"
sh=5828C09424ECD76E81A2F8955258A2F8AD31CB23 ft=1 fh=d75b59f32f34f626 vn="a variant of Win32/Rootkit.Kryptik.LA trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0004.dta"
sh=DBDF099D4D9921EA809AB857CF1CA9776E109FD3 ft=1 fh=9e4fbe5e40a2dd9f vn="Win64/Olmarik.AK trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0005.dta"
sh=F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 ft=1 fh=a8456031c362e5e7 vn="Win32/Olmarik.AFK trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0009.dta"
sh=5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 ft=1 fh=107f253539197b01 vn="Win64/Olmarik.AK trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0010.dta"
sh=BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 ft=1 fh=c98886797a059119 vn="Win32/Olmarik.AYI trojan" ac=I fn="C:\TDSSKiller_Quarantine\07.07.2014_15.15.24\tdlfs0000\tsk0014.dta"
sh=A1ACE34F7A61F7B1DA1227288871A9A1773860E5 ft=1 fh=4e1a7f1885a299ba vn="Win64/Olmarik.AH trojan" ac=I fn="C:\Users\All Users\Microsoft\Windows\DRM\4E.tmp"
sh=4C7EE04176DA399A5A80402FBBCCBA8C58E5F383 ft=1 fh=3e58fcead898a3fd vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Vincia M. Blaise\AppData\LocalLow\AskToolbar\setup.exe"
sh=5C5F9C50A61A44AD267D0B1B8AD99C367D1805AC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7b903cde-18f1f1e0"
sh=41E8A6AE7DB54A4E50388A7DA012FE5085B5EFC2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NCH trojan" ac=I fn="C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63930d5f-28f5dabc"
sh=CF98CE9E0A33EBDC64E02794BF8B4739BAA93C5D ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.AM trojan" ac=I fn="C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\163a4f7d-3e057782"
sh=A8DF42085F98D5BFF42D34D3128CD33C7EA1734B ft=1 fh=7dfefdbd3a3f7938 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\13a1c34a396a318be09f4b9ce600d80662732c82"
sh=7C1DB3CB6EB00CC1D468CB1F0D11ABBEE0A89B53 ft=1 fh=2259aa2d51421ece vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\5d42293dd217e473dd9cfa15706987a30b364f68"
sh=303BD7E6A307688F829D0E525B87CF4480F612E9 ft=1 fh=4accdedb476c8e1d vn="a variant of Win32/Distromatic.C potentially unwanted application" ac=I fn="C:\Windows\Temp\TBU001\ToolbarUpdate.exe"
 



#39
tics


Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Scholastic's I SPY Mystery  
 Java™ 6 Update 31  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 15.0.1 Firefox out of Date!  
 Google Chrome 23.0.1271.64  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#40
tics


So for Malwarebytes, the initial scan came up with 54 threats, which were quarantined, but the log doesn't come up, closing the program every time. I ran a second scan and after this it lets me export the log. No export of the initial scan, but I can export other scans. Should I delete the threats as the final action?




#41
Naathim


Hi :)
 
Delete things found by MBAM. The rest of the stuff will be taken care of right now :)


Fix with Farbar Recovery Scan Tool


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    C:\ProgramData\Microsoft\Windows\DRM\4E.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\4E.tmp
    C:\Users\Vincia M. Blaise\AppData\LocalLow\AskToolbar
    C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7b903cde-18f1f1e0
    C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63930d5f-28f5dabc
    C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\163a4f7d-3e057782
    C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\13a1c34a396a318be09f4b9ce600d80662732c82
    C:\Windows\Temp\TBU001\ToolbarUpdate.exe
    C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\5d42293dd217e473dd9cfa15706987a30b364f68
    Delete Quarantine:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply. Do it before running DelFix (which is described later).


Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your apps need updating:

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control panel also please remove any older versions of Java - do not leave them installed!.

Please remember to always keep it up to date.

Updating Adobe manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Please remember to always keep it up to date

Updating Mozilla Firefox manually

  • Please open Firefox.
  • Click the Firefox menu icon.
  • Click Help and select About Firefox.
  • Firefox will search for any updates and start downloading them automatically.
  • When the updates are ready you will be prompted to restart Firefox. Please do it.

Please remember to always keep it up to date.


Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.


  • 0
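
The fixlist in the post above corresponds to the ESET detections that sit outside the cleanup tools' own quarantine folders (C:\FRST\Quarantine and C:\TDSSKiller_Quarantine). The Python below is an added example, not part of the original thread or of any tool named in it: it triages a pasted ESET Online Scanner log the same way, and the function names plus the sample hashes, detection names and paths are made up for illustration.

```python
import ntpath
import re

# Quarantine folders written by the cleanup tools used in this thread.
QUARANTINE_ROOTS = (r"C:\FRST\Quarantine", r"C:\TDSSKiller_Quarantine")
RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample in the layout of the log posted above. Hashes,
# detection names and paths are made up for this example.
H1, H2, H3, H4 = "1" * 40, "2" * 40, "3" * 40, "4" * 40
SAMPLE_LOG = "\n".join([
    RUN_MARKER, "all ok", "# end=stopped", "# scanned=423", "# found=0",
    RUN_MARKER, "all ok", "# end=finished", "# scanned=1000", "# found=5",
    rf'sh={H1} ft=1 fh=0000000000000001 vn="Win32/Example.A trojan" ac=I '
    rf'fn="C:\FRST\Quarantine\C\ProgramData\sample.exe.xBAD"',
    rf'sh={H2} ft=1 fh=0000000000000002 vn="Win64/Example.AH trojan" ac=I '
    rf'fn="C:\ProgramData\Example\4A.tmp"',
    rf'sh={H2} ft=1 fh=0000000000000002 vn="Win64/Example.AH trojan" ac=I '
    rf'fn="C:\Users\All Users\Example\4A.tmp"',
    rf'sh={H3} ft=1 fh=0000000000000003 '
    rf'vn="a variant of Win32/Example.Toolbar potentially unsafe application" '
    rf'ac=I fn="C:\Users\Example User\AppData\LocalLow\ExampleToolbar\setup.exe"',
    rf'sh={H4} ft=1 fh=0000000000000004 vn="Win32/Example.AYI trojan" ac=I '
    rf'fn="C:\TDSSKiller_Quarantine\01.01.2014_00.00.00\tdlfs0000\tsk0000.dta"',
])


def split_runs(text):
    """Split a pasted log into one list of lines per scanner run."""
    runs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == RUN_MARKER:
            current = []
            runs.append(current)
        elif current is not None and line:
            current.append(line)
    return runs


def parse_run(lines):
    """Return (header dict, detection records) for one run."""
    header, records = {}, []
    for line in lines:
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
            if {"sh", "vn", "fn"} <= fields.keys():
                records.append(fields)
    return header, records


def in_quarantine(path):
    """True if the path is inside one of the tools' quarantine folders."""
    p = ntpath.normcase(path)
    roots = (ntpath.normcase(r) for r in QUARANTINE_ROOTS)
    return any(p == r or p.startswith(r + "\\") for r in roots)


def is_pua(name):
    """ESET marks unwanted/unsafe applications in the detection name."""
    n = name.lower()
    return "potentially unwanted" in n or "potentially unsafe" in n


def triage(text):
    """Per run: completeness, counts, and live detections grouped by SHA-1."""
    results = []
    for lines in split_runs(text):
        header, records = parse_run(lines)
        live, quarantined = {}, 0
        for rec in records:
            if in_quarantine(rec["fn"]):
                quarantined += 1  # inert copy, not an active infection
                continue
            hit = live.setdefault(rec["sh"], {"name": rec["vn"],
                                              "pua": is_pua(rec["vn"]),
                                              "paths": []})
            hit["paths"].append(rec["fn"])
        results.append({"complete": header.get("end") == "finished",
                        "reported": int(header.get("found", "0")),
                        "parsed": len(records),
                        "quarantined": quarantined,
                        "live": live})
    return results


if __name__ == "__main__":
    for i, run in enumerate(triage(SAMPLE_LOG), 1):
        state = "complete" if run["complete"] else "INCOMPLETE"
        print(f"run {i}: {state}; parsed {run['parsed']} of {run['reported']} "
              f"reported, {run['quarantined']} already quarantined")
        for sha1, hit in run["live"].items():
            print(f"  [{'PUA' if hit['pua'] else 'malware'}] {hit['name']}")
            for path in hit["paths"]:
                print(f"      {path}  sha1={sha1}")
```

Grouping by SHA-1 shows when one file is reported under two paths, as with C:\ProgramData and C:\Users\All Users in this thread, where the Fixlog later reports the second path as not found once the first has been moved. A run whose header says end=stopped is flagged as incomplete so its zero count is not read as a clean result.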

#42
Naathim


Hi :)

 

Still with me?



#43
tics


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Vincia M. Blaise at 2014-07-22 14:40:04 Run:3
Running from C:\Users\Vincia M. Blaise\Desktop\tica fixing tools
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\Microsoft\Windows\DRM\4E.tmp
C:\Users\All Users\Microsoft\Windows\DRM\4E.tmp
C:\Users\Vincia M. Blaise\AppData\LocalLow\AskToolbar
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7b903cde-18f1f1e0
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63930d5f-28f5dabc
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\163a4f7d-3e057782
C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\13a1c34a396a318be09f4b9ce600d80662732c82
C:\Windows\Temp\TBU001\ToolbarUpdate.exe
C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\5d42293dd217e473dd9cfa15706987a30b364f68
Delete Quarantine:
end
*****************

C:\ProgramData\Microsoft\Windows\DRM\4E.tmp => Moved successfully.
"C:\Users\All Users\Microsoft\Windows\DRM\4E.tmp" => File/Directory not found.
C:\Users\Vincia M. Blaise\AppData\LocalLow\AskToolbar => Moved successfully.
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7b903cde-18f1f1e0 => Moved successfully.
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63930d5f-28f5dabc => Moved successfully.
C:\Users\Vincia M. Blaise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\163a4f7d-3e057782 => Moved successfully.
C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\13a1c34a396a318be09f4b9ce600d80662732c82 => Moved successfully.
C:\Windows\Temp\TBU001\ToolbarUpdate.exe => Moved successfully.
C:\Users\Vincia M. Blaise\AppData\Roaming\Apple Computer\MobileSync\Backup\355678e79f0e9c8185e9aa39cf4eaeb4c52622ae\5d42293dd217e473dd9cfa15706987a30b364f68 => Moved successfully.
Delete Quarantine: => Error: No automatic fix found for this entry.

==== End of Fixlog ====



#44
tics


# DelFix v10.7 - Logfile created 22/07/2014 at 14:49:27
# Updated 27/04/2014 by Xplode
# Username : Vincia M. Blaise - VINCIAMBLAISE
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\TDSSKiller.3.0.0.39_05.07.2014_15.15.33_log.txt
Deleted : C:\TDSSKiller.3.0.0.39_05.07.2014_15.19.02_log.txt
Deleted : C:\TDSSKiller.3.0.0.39_07.07.2014_15.13.03_log.txt
Deleted : C:\TDSSKiller.3.0.0.39_07.07.2014_15.15.24_log.txt
Deleted : C:\Users\Vincia M. Blaise\Desktop\SecurityCheck.exe
Deleted : C:\Users\Vincia M. Blaise\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Vincia M. Blaise\Downloads\HijackThis.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #348 [Windows Update | 07/07/2014 19:42:14]
Deleted : RP #349 [Windows Update | 07/07/2014 20:07:46]
Deleted : RP #350 [Windows Update | 07/10/2014 19:19:01]
Deleted : RP #351 [Windows Update | 07/10/2014 19:50:18]
Deleted : RP #352 [Windows Update | 07/14/2014 16:33:54]
Deleted : RP #353 [Windows Update | 07/16/2014 02:43:42]
Deleted : RP #354 [Windows Update | 07/16/2014 17:19:22]
Deleted : RP #356 [Windows Modules Installer | 07/18/2014 07:17:16]
Deleted : RP #357 [Windows Modules Installer | 07/18/2014 07:18:18]
Deleted : RP #358 [Windows Update | 07/18/2014 14:44:51]
Deleted : RP #359 [Windows Update | 07/22/2014 18:27:08]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 



#45
Naathim


Great!

 

I'm glad that we were able to restore your machine to its noble state, and subject to no further problems I think that you are ready to go! :thumbsup:

 

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

 

Recommended reading:



MUST READ - security tips: Computer Security - a short guide to staying safer online.
MUST READ - general maintenance: What to do if your Computer is running slowly?

 

Recommended additional software:



TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

 



Stay safe,
Naat :)
