Adware has taken over Google Chrome and FF [Solved]


  • This topic is locked

#1
Fizzicist

    New Member

  • Member
  • 5 posts

I was asked to look at this laptop as Google Chrome was unusable and the computer was very slow. The first thing that I found was PC Optimizer Pro. I went into the Control Panel and uninstalled this program and others (Astromenda, Framed Display, KrazyCraft toolbar, Cut the Rope, and FireFox Packages - not FF) that had the same date. I was going to try to install a trial version of BitDefender but I could not get to the site due to adware and being redirected. When Firefox is working, some of the words are underlined and act as hyperlinks. I was told that she had received a warning from a website about an infection and had clicked OK. I suspect that there are other things that she has installed and this is the result of several infections.

I tried to follow a generic set of instructions, from another site, and ran (I don't remember the order) CCleaner, ComboFix, FRST, Farbar Service Scanner, Junk Removal Tool, Malwarebytes, RogueKiller, and AdwCleaner (the version I ran yesterday worked but the version 4.100 that I had to install today crashed - SQLite3.dll Can't be Loaded!).

I would appreciate any help that you can offer.


OTL logfile created on: 11/8/2014 9:09:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.56 Mb Total Physical Memory | 261.25 Mb Available Physical Memory | 25.78% Memory free
2.24 Gb Paging File | 1.10 Gb Available in Paging File | 49.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.67 Gb Total Space | 75.82 Gb Free Space | 71.76% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.57 Gb Free Space | 95.79% Space Free | Partition Type: FAT32
 
Computer Name: SONY-VAIO | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/08 21:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/10/16 22:07:38 | 003,487,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe
PRC - [2014/10/16 22:04:10 | 003,649,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgui.exe
PRC - [2014/10/16 21:56:26 | 001,074,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgnsx.exe
PRC - [2014/10/16 21:55:00 | 000,880,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2015\avgrsx.exe
PRC - [2014/10/16 21:54:50 | 000,332,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgcfgex.exe
PRC - [2014/10/16 21:54:02 | 000,669,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgemcx.exe
PRC - [2014/10/16 21:53:38 | 000,691,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgcsrvx.exe
PRC - [2014/10/16 21:50:58 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/01/28 01:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/24 14:52:01 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/28 01:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/30 22:08:57 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/16 22:07:38 | 003,487,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/10/16 21:50:58 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/09/24 18:26:52 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/24 15:12:41 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/10/10 15:13:58 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/10/07 21:39:28 | 000,213,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/10/05 21:42:06 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/08/28 21:43:36 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/07/18 15:55:24 | 000,230,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/18 21:16:30 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/18 21:03:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/18 21:03:34 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/18 21:03:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B72b98dbc-939a-4e0e-b5a9-9fdbf75963ef%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/09/12 21:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/11/06 18:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\extensions
[2014/10/31 22:54:31 | 000,000,000 | ---D | M] ("SitezExpert") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\extensions\{72b98dbc-939a-4e0e-b5a9-9fdbf75963ef}
[2014/10/31 22:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\extensions
[2014/10/31 22:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\extensions\staged
[2014/10/31 22:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/10/31 22:54:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2014/11/08 08:48:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7768191B-8330-41BE-A845-5042FC16A619}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/08 12:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/11/08 10:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/08 10:45:02 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/08 10:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/11/08 09:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/11/08 09:54:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
[2014/11/08 09:45:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/08 09:45:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/11/08 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2014/11/08 08:38:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/11/08 08:38:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/11/08 08:38:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/11/08 08:38:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/11/08 08:38:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/08 08:38:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/11/08 08:23:38 | 000,000,000 | ---D | C] -- C:\Malware Removal
[2014/11/06 18:29:40 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/06 18:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/06 18:28:46 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/06 18:28:46 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/06 18:28:46 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/06 18:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/06 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/06 18:16:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/06 18:05:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/11/06 18:04:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/06 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG2015
[2014/11/06 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2014/11/06 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/11/06 16:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/11/06 16:23:39 | 000,000,000 | ---D | C] -- C:\$AVG
[2014/11/06 16:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/11/06 16:15:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/11/06 16:15:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2014/11/06 16:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/11/06 16:15:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2015
[2014/11/06 15:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/11/01 09:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
[2014/10/31 23:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LizardSales
[2014/10/31 23:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\26f3917f556d60be
[2014/10/30 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2014/10/30 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/10/10 15:13:58 | 000,200,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/08 21:05:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/08 20:56:08 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/08 20:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/08 20:56:07 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/08 19:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/08 18:56:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4411D823-0CD6-4588-9A0A-3041147C2BD9}.job
[2014/11/08 18:55:31 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/08 18:55:31 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/08 16:17:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/08 16:17:42 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/08 11:13:43 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/08 10:57:45 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/08 10:22:58 | 000,034,808 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/08 08:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/06 19:57:47 | 000,000,258 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/06 18:28:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/06 16:24:50 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/06 16:02:54 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/04 20:51:02 | 000,000,134 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2014/11/03 12:49:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/11/03 11:51:17 | 000,000,001 | ---- | M] () -- C:\Users\Owner\AppData\Local\DSI.DAT
[2014/10/31 22:54:10 | 000,000,870 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/10/31 22:54:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/27 20:03:55 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/10 15:13:58 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
 
========== Files Created - No Company Name ==========
 
[2014/11/08 10:57:45 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/08 10:22:58 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/08 08:38:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/11/08 08:38:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/11/08 08:38:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/11/08 08:38:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/11/08 08:38:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/11/06 19:57:47 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/06 18:28:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/06 16:24:50 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/03 12:49:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/03 11:51:17 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSI.DAT
[2014/11/01 09:51:02 | 000,000,134 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2013/07/07 14:05:38 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/24 14:55:24 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/11/24 14:45:46 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 04:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/11/06 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2015
[2014/11/06 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi there, I would like to use a different scanner.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Select Addition at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Fizzicist

    New Member

  • Topic Starter
  • Member
  • 5 posts

Here are the two scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014
Ran by Owner (administrator) on SONY-VAIO on 09-11-2014 08:45:01
Running from C:\Malware Removal
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-66469882-2084383915-2364982673-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-66469882-2084383915-2364982673-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-66469882-2084383915-2364982673-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: SitezExpert - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\Extensions\{72b98dbc-939a-4e0e-b5a9-9fdbf75963ef} [2014-10-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-08]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213272 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 22:11 - 2014-11-08 22:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-08 21:15 - 2014-11-08 21:15 - 00041270 _____ () C:\Users\Owner\Downloads\OTL.Txt
2014-11-08 21:15 - 2014-11-08 21:15 - 00023600 _____ () C:\Users\Owner\Downloads\Extras.Txt
2014-11-08 21:09 - 2014-11-08 21:09 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2014-11-08 16:35 - 2014-11-08 16:36 - 02145792 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-11-08 12:05 - 2014-11-08 12:05 - 00000000 ____D () C:\Program Files\ESET
2014-11-08 12:04 - 2014-11-08 12:05 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-11-08 10:57 - 2014-11-08 10:57 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-08 10:57 - 2014-11-08 10:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-08 10:45 - 2014-11-09 08:45 - 00000000 ____D () C:\FRST
2014-11-08 10:22 - 2014-11-08 10:22 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-08 10:22 - 2014-11-08 10:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-08 09:57 - 2014-11-08 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-08 09:54 - 2014-11-08 10:10 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-11-08 09:45 - 2014-11-08 09:45 - 00008810 _____ () C:\ComboFix.txt
2014-11-08 08:38 - 2014-11-08 09:45 - 00000000 ____D () C:\Qoobox
2014-11-08 08:38 - 2014-11-08 09:43 - 00000000 ____D () C:\Windows\erdnt
2014-11-08 08:38 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-08 08:38 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-08 08:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-08 08:38 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-08 08:32 - 2014-11-08 08:32 - 00000773 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-11-08 08:23 - 2014-11-09 08:45 - 00000000 ____D () C:\Malware Removal
2014-11-06 18:29 - 2014-11-08 11:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 18:28 - 2014-11-06 18:28 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 18:28 - 2014-11-06 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 18:28 - 2014-11-06 18:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 18:28 - 2014-11-06 18:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-06 18:28 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 18:28 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 18:28 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-06 18:25 - 2014-11-06 18:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-06 18:16 - 2014-11-06 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 18:14 - 2014-11-06 18:14 - 01706939 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-11-06 18:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-06 18:04 - 2014-11-08 16:28 - 00000000 ____D () C:\AdwCleaner
2014-11-06 18:03 - 2014-11-06 18:03 - 01375089 _____ () C:\Users\Owner\Downloads\adwcleaner_3.311.exe
2014-11-06 16:25 - 2014-11-06 16:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-11-06 16:24 - 2014-11-06 16:24 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-06 16:24 - 2014-11-06 16:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-11-06 16:24 - 2014-11-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-06 16:23 - 2014-11-06 16:48 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-06 16:23 - 2014-11-06 16:23 - 00000000 ____D () C:\$AVG
2014-11-06 16:22 - 2014-11-06 16:22 - 00000000 ____D () C:\Program Files\AVG
2014-11-06 16:19 - 2014-11-06 16:19 - 00000029 _____ () C:\Users\Owner\Desktop\AVG.txt
2014-11-06 16:15 - 2014-11-09 08:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 16:15 - 2014-11-06 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-11-06 16:15 - 2014-11-06 16:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-11-06 15:52 - 2014-11-06 15:52 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-11-03 13:36 - 2014-11-03 13:36 - 00834928 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\DriverUpdate-setup(1).exe
2014-11-03 12:49 - 2014-11-03 12:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-03 11:51 - 2014-11-03 11:51 - 00000001 _____ () C:\Users\Owner\AppData\Local\DSI.DAT
2014-11-01 09:51 - 2014-11-04 20:51 - 00000134 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-11-01 09:35 - 2014-11-08 12:32 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
2014-10-31 23:32 - 2014-11-06 19:53 - 00000000 ____D () C:\ProgramData\LizardSales
2014-10-31 23:32 - 2014-10-31 23:32 - 00000000 ____D () C:\ProgramData\26f3917f556d60be
2014-10-31 22:55 - 2014-10-31 22:56 - 00834928 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\DriverUpdate-setup.exe
2014-10-31 22:50 - 2014-10-31 22:49 - 24656704 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox%20Setup%2027.0.exe
2014-10-30 22:08 - 2014-10-30 22:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox(2)
2014-10-10 15:13 - 2014-10-10 15:13 - 00200984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 08:39 - 2013-09-12 21:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 08:38 - 2006-11-02 07:52 - 01838622 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 08:38 - 2006-11-02 07:47 - 00004672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 08:38 - 2006-11-02 07:47 - 00004672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 22:05 - 2014-09-19 17:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 21:26 - 2013-07-07 17:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 18:56 - 2013-07-07 14:00 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{4411D823-0CD6-4588-9A0A-3041147C2BD9}.job
2014-11-08 18:55 - 2006-11-02 05:33 - 00716948 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 16:17 - 2014-09-19 17:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 16:17 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 16:16 - 2006-11-02 08:01 - 00015614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-08 11:00 - 2014-01-19 03:39 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 11:00 - 2012-11-24 13:17 - 00000000 ____D () C:\Windows\Panther
2014-11-08 09:45 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-11-08 09:45 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-08 09:43 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 16:02 - 2006-11-02 07:47 - 00228176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 15:52 - 2012-11-24 10:30 - 00049168 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 13:24 - 2006-11-02 05:23 - 00000246 _____ () C:\Windows\win.ini
2014-11-02 11:55 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-31 22:54 - 2013-09-12 21:35 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-31 22:54 - 2013-09-12 21:35 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-31 22:51 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-31 22:06 - 2012-11-24 10:30 - 00000000 ____D () C:\Users\Owner
2014-10-31 22:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-31 22:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-31 22:06 - 2006-11-02 05:22 - 21757952 _____ () C:\Windows\system32\config\components_previous
2014-10-31 22:06 - 2006-11-02 05:22 - 19398656 _____ () C:\Windows\system32\config\software_previous
2014-10-31 22:06 - 2006-11-02 05:22 - 12582912 _____ () C:\Windows\system32\config\system_previous
2014-10-31 22:06 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-31 22:06 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-31 22:06 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-28 05:35 - 2012-11-25 16:19 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 20:03 - 2014-09-19 17:59 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 02:06 - 2013-08-28 23:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2006-11-02 05:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\temp\dllnt_dump.dll
C:\Users\Owner\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 16:23

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014
Ran by Owner at 2014-11-09 08:45:50
Running from C:\Malware Removal
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-10-2014 15:15:47 Scheduled Checkpoint
24-10-2014 10:39:59 Windows Update
25-10-2014 15:50:04 Scheduled Checkpoint
26-10-2014 17:04:14 Scheduled Checkpoint
28-10-2014 17:06:58 Scheduled Checkpoint
28-10-2014 20:44:49 Windows Update
29-10-2014 20:52:30 Windows Update
30-10-2014 15:02:59 Scheduled Checkpoint
31-10-2014 23:58:59 Windows Update
01-11-2014 02:54:11 Restore Operation
01-11-2014 03:04:44 Restore Operation
01-11-2014 19:19:44 Windows Update
03-11-2014 19:36:14 Scheduled Checkpoint
05-11-2014 01:41:56 Windows Update
06-11-2014 21:21:52 Installed AVG 2015
06-11-2014 21:22:59 Installed AVG 2015
07-11-2014 23:36:52 Scheduled Checkpoint
08-11-2014 14:41:35 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-11-08 08:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {49ECA344-C2BC-4D35-BACC-E1C4B68E2A7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {8E8DF298-3DEC-4F6E-BE2E-8A9B0D0D934A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {90BCA45A-EEBF-4AF6-B61C-E1079E916D07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A2E010A9-03F5-4C57-9711-84DAFF000DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{4411D823-0CD6-4588-9A0A-3041147C2BD9}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2006-11-02 05:25 - 2006-11-02 04:46 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-11-08 22:11 - 2014-11-08 22:11 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-66469882-2084383915-2364982673-500 - Administrator - Disabled)
Guest (S-1-5-21-66469882-2084383915-2364982673-501 - Limited - Disabled)
Owner (S-1-5-21-66469882-2084383915-2364982673-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: isatap.{7768191B-8330-41BE-A845-5042FC16A619}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{7768191B-8330-41BE-A845-5042FC16A619}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 04:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x41be8330,
process id 0x4ec, application start time 0xsvchost.exe0.

Error: (11/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, faulting module RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, exception code 0xc0000005, fault offset 0x001c1190,
process id 0xf84, application start time 0xRogueKiller.exe0.

Error: (11/08/2014 10:11:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, faulting module RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, exception code 0xc0000005, fault offset 0x001c1190,
process id 0x32c, application start time 0xRogueKiller.exe0.

Error: (11/08/2014 10:11:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, faulting module RogueKiller.exe, version 10.0.4.0, time stamp 0x5450c4e0, exception code 0xc0000005, fault offset 0x001c1190,
process id 0xd80, application start time 0xRogueKiller.exe0.


System errors:
=============
Error: (11/09/2014 08:38:12 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller' (PCI\VEN_11AB&DEV_4351&SUBSYS_8212104D&REV_16\4&dbe6b62&0&00E0) disappeared from the system without first being prepared for removal.

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Driver Foundation - User-mode Driver Framework11200001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Portable Device Enumerator Service11200001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: WLAN AutoConfig11200001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Diagnostic System Host1

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Desktop Window Manager Session Manager11200001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Distributed Link Tracking Client11200001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tablet PC Input Service1600001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Superfetch1600001Restart the service

Error: (11/08/2014 04:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Program Compatibility Assistant Service1600001Restart the service


Microsoft Office Sessions:
=========================
Error: (11/08/2014 04:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6000.163864549adc4unknown0.0.0.000000000c000000541be83304ec01cffb56db35d8aa

Error: (11/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKiller.exe10.0.4.05450c4e0RogueKiller.exe10.0.4.05450c4e0c0000005001c1190f8401cffb6661101085

Error: (11/08/2014 10:11:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKiller.exe10.0.4.05450c4e0RogueKiller.exe10.0.4.05450c4e0c0000005001c119032c01cffb664c5174e5

Error: (11/08/2014 10:11:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKiller.exe10.0.4.05450c4e0RogueKiller.exe10.0.4.05450c4e0c0000005001c1190d8001cffb66448dd8c5


CodeIntegrity Errors:
===================================
  Date: 2014-11-09 08:45:44.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:44.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:08.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 08:45:07.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2250 @ 1.73GHz
Percentage of memory in use: 77%
Total physical RAM: 1013.56 MB
Available physical RAM: 231.51 MB
Total Pagefile: 2295.51 MB
Available Pagefile: 1090.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:105.67 GB) (Free:75.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 995BB9D5)
Partition 1: (Not Active) - (Size=6.1 GB) - (Type=27)
Partition 2: (Active) - (Size=105.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 160C5F33)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================

 



#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi, the first thing to do is uninstall Chrome, as it has been changed to the developer version and therefore has no checks on the add-ons installed.

After these fixes, could you let me know what problems remain?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-66469882-2084383915-2364982673-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: SitezExpert - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\Extensions\{72b98dbc-939a-4e0e-b5a9-9fdbf75963ef} [2014-10-31]
2014-11-01 09:35 - 2014-11-08 12:32 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
2014-10-31 23:32 - 2014-10-31 23:32 - 00000000 ____D () C:\ProgramData\26f3917f556d60be
Task: {49ECA344-C2BC-4D35-BACC-E1C4B68E2A7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {A2E010A9-03F5-4C57-9711-84DAFF000DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#5 Fizzicist (New Member, Topic Starter, 5 posts)

# AdwCleaner v4.100 - Report created 09/11/2014 at 10:36:17
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Owner - SONY-VAIO
# Running from : C:\Malware Removal\adwcleaner_4.100.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Framed Display
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v33.0.3 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [11107 octets] - [06/11/2014 18:04:39]
AdwCleaner[R1].txt - [1748 octets] - [07/11/2014 21:19:15]
AdwCleaner[R2].txt - [1280 octets] - [08/11/2014 16:27:14]
AdwCleaner[R3].txt - [1279 octets] - [09/11/2014 10:26:25]
AdwCleaner[S0].txt - [10958 octets] - [06/11/2014 18:07:32]
AdwCleaner[S1].txt - [1815 octets] - [08/11/2014 08:18:51]
AdwCleaner[S2].txt - [1197 octets] - [09/11/2014 10:36:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1257 octets] ##########
 



#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Did you uninstall Chrome? How is the computer now? Also, could you post the FRST fixlog, please?

#7 Fizzicist (New Member, Topic Starter, 5 posts)

Yes, I uninstalled Chrome. Here is the fixlog. I used Firefox to visit a few sites and did not have any difficulties.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014
Ran by Owner at 2014-11-09 10:16:04 Run:1
Running from C:\Malware Removal
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-66469882-2084383915-2364982673-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: SitezExpert - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\Extensions\{72b98dbc-939a-4e0e-b5a9-9fdbf75963ef} [2014-10-31]
2014-11-01 09:35 - 2014-11-08 12:32 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
2014-10-31 23:32 - 2014-10-31 23:32 - 00000000 ____D () C:\ProgramData\26f3917f556d60be
Task: {49ECA344-C2BC-4D35-BACC-E1C4B68E2A7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
Task: {A2E010A9-03F5-4C57-9711-84DAFF000DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-66469882-2084383915-2364982673-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i8jlmpb3.default\Extensions\{72b98dbc-939a-4e0e-b5a9-9fdbf75963ef} => Moved successfully.
C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840 => Moved successfully.
C:\ProgramData\26f3917f556d60be => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49ECA344-C2BC-4D35-BACC-E1C4B68E2A7F}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2E010A9-03F5-4C57-9711-84DAFF000DFD}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6000 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 422.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


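The fixlist in post #4, the Image File Execution Options key AdwCleaner deleted in post #5 and the Fixlog above all point at the same persistence spots: browser policy keys, a local Registry.pol, an IFEO entry on GoogleUpdate.exe and anonymous folders under ProgramData. The PowerShell below is an added, read-only audit of exactly those locations; it is not part of the thread, FRST or AdwCleaner, it only reports, and the paths and key names are the ones visible in the logs (the extra executables checked under IFEO are an assumption).

```powershell
# Added example (not from the thread, FRST or AdwCleaner): read-only audit of the
# persistence spots the fixlist targeted. Reports only; nothing is deleted or moved.
# Works on Windows PowerShell 2.0 and later; run elevated so HKLM is fully readable.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Browser policy keys. Adware plants values such as ExtensionInstallForcelist under
#    HKLM\SOFTWARE\Policies\Google\Chrome so its extension is force-installed and the
#    user cannot remove it. A clean home machine normally has none of these keys at all.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $findings.Add("Policy key present: $key")
    # Dump every value under the key and its subkeys so the reviewer sees what the policy does.
    $subkeys = @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($sk in $subkeys) {
        foreach ($name in $sk.GetValueNames()) {
            $findings.Add("    $($sk.Name) : $name = $($sk.GetValue($name))")
        }
    }
}

# 2. Local Group Policy. A Registry.pol under GroupPolicy\Machine is what makes FRST
#    report "Group Policy on Chrome detected"; the Fixlog above shows that folder being moved.
foreach ($pol in @("$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                   "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol")) {
    if (Test-Path $pol) {
        $findings.Add("Local policy file present: $pol (modified $((Get-Item $pol).LastWriteTime))")
    }
}

# 3. Image File Execution Options. A Debugger value under an executable's name makes
#    Windows launch that "debugger" instead whenever the program starts; on GoogleUpdate.exe
#    it keeps Chrome from updating or repairing itself (the key AdwCleaner removed above).
#    chrome.exe, firefox.exe and iexplore.exe are an assumed extension of the check.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'GoogleUpdate.exe', 'chrome.exe', 'firefox.exe', 'iexplore.exe') {
    $k = Join-Path $ifeo $exe
    if (Test-Path $k) {
        $dbg = (Get-Item $k).GetValue('Debugger')
        $findings.Add("IFEO key for ${exe}: Debugger = '$dbg'")
    }
}

# 4. ProgramData folders named as a bare GUID or 16-hex-digit blob with no vendor folder
#    around them, like the two the fixlist moved. Legitimate software rarely does this.
$guidRe = '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
Get-ChildItem -Force $env:ProgramData -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and ($_.Name -match $guidRe -or $_.Name -match '^[0-9a-f]{16}$') } |
    ForEach-Object { $findings.Add("Anonymous ProgramData folder: $($_.FullName) (created $($_.CreationTime))") }

# 5. Firefox extensions present in a profile's Extensions folder (the SitezExpert entry
#    above); each one listed here should be recognisable to the user.
$profiles = "$env:APPDATA\Mozilla\Firefox\Profiles"
if (Test-Path $profiles) {
    foreach ($prof in (Get-ChildItem $profiles | Where-Object { $_.PSIsContainer })) {
        $ext = Join-Path $prof.FullName 'Extensions'
        if (-not (Test-Path $ext)) { continue }
        foreach ($item in (Get-ChildItem -Force $ext)) {
            $findings.Add("Firefox extension in profile $($prof.Name): $($item.Name) (created $($item.CreationTime))")
        }
    }
}

if ($findings.Count -eq 0) {
    'No policy, IFEO, anonymous-folder or profile-extension indicators found.'
} else {
    $findings
}
```

Each line it prints is something to verify by hand before removing it; on a machine cleaned the way this thread was, sections 1 to 4 should come back empty.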

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Are you experiencing any other problems?

 

Could you now update MBAM please, and let me know if it detects anything?



#9 Fizzicist (New Member, Topic Starter, 5 posts)

MBAM didn't find anything and I haven't had any further problems.  Thank you for your assistance.



#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Click Start then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Download and run Delfix

[screenshot: delfix.JPG]

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

[screenshot: CryptoPrevent.JPG]

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





