[DanoNH]

Were you able to install Avast!?

[Advertisements]

yes i did everything including the scan it finished i clicked all tabs including generate report and everything nothing popped up im just sitting on the apply fixes screen with about 7 or so things that need "fixes"

[Jvescov1]

yes i did everything including the scan it finished i clicked all tabs including generate report and everything nothing popped up im just sitting on the apply fixes screen with about 7 or so things that need "fixes"

[Jvescov1]

this is what im looking at if it helps

[Jvescov1]

figured out the avast 

 

 

*

* Avast Scan Report

* This file is generated automatically

*

* Scan name: Full system scan

* Started on: Saturday, July 25, 2015 11:29:15 AM

* VPS: 150725-0, 07/24/2015

*

 

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

C:\Users\Joseph\Favorites\?£sorted Bookmarks\OOTP 6 Generated Website.url [L] INI:Shortcut-inf [Trj] (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121103031808-l.list [L] HTML:Fraud-J (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121031200329-m.list [L] HTML:Fraud-J (0)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121102165909-m.list [L] HTML:Includer-I [Trj] (0)

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir [L] Win32:Aluroot-E [Rtk] (0)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)

C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)

D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

Infected files: 7

Total files: 561177

Total folders: 50537

Total size: 395.3 GB

 

*

* Scan stopped: Saturday, July 25, 2015 1:48:45 PM

* Run-time was 2 hour(s), 19 minute(s), 19 second(s)

*

[DanoNH]

The log shows that you stopped the scan:

 

* Scan stopped: Saturday, July 25, 2015 1:48:45 PM

* Run-time was 2 hour(s), 19 minute(s), 19 second(s)

 

Can I ask why you stopped it?

 

[Jvescov1]

i didnt stop it i came back and it was done. where i was able to apply fixes and view report

[DanoNH]

OK, we can remove all 7 of those items in your Avast! screen shot.  But I'd like you to change the Avast! settings to include Potentially Unwanted Programs (PUPs):

 

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"

 

Then run another full scan and post the scan log for that one please.

 

 

Next

Let's try to run the FRST fix again

• Download the attached fixlist.txt file and save it to the Desktop:  fixlist.txt   9.9KB   114 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
   

• Disable your Anti-Virus/Anti-Spyware protection software.
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Next

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here

• Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
• If prompted to uninstall a previous version, please do so.
• During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later :
  
   
• If an update is found, it should download and install the latest updates automatically:
  
   
• Now select the Settings tab, and check the box next to Scan for rootkits:
  
   
• Go back to the Dashboard tab, and click the Scan Now button:
  
   
• The scan may take some time to finish,so please be patient.
  
   
• When the scan is complete, it will show you the results:
  
   
• Make sure that everything is checked, and click Remove Selected (or similar).
• When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
• The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
• Choose the latest Scan Log:
  
   
• In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
  
• Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

• Avast scan log with PUPs included
• FRST fixlog.txt
• MBAM log

 

And tell me how the system is running.

[Jvescov1]

here you go thanks for your continued help!

 

*

* Avast Scan Report

* This file is generated automatically

*

* Scan name: Full system scan

* Started on: Saturday, July 25, 2015 11:29:15 AM

* VPS: 150725-0, 07/24/2015

*

 

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

C:\Users\Joseph\Favorites\?£sorted Bookmarks\OOTP 6 Generated Website.url [L] INI:Shortcut-inf [Trj] (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121103031808-l.list [L] HTML:Fraud-J (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121031200329-m.list [L] HTML:Fraud-J (0)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)

C:\Users\Joseph\AppData\Local\blekkotb_005\data\121102165909-m.list [L] HTML:Includer-I [Trj] (0)

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir [L] Win32:Aluroot-E [Rtk] (0)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)

C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)

D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

Infected files: 7

Total files: 561177

Total folders: 50537

Total size: 395.3 GB

 

*

* Scan stopped: Saturday, July 25, 2015 1:48:45 PM

* Run-time was 2 hour(s), 19 minute(s), 19 second(s)

*

 

*

* Avast Scan Report

* This file is generated automatically

*

* Scan name: Full system scan

* Started on: Sunday, July 26, 2015 10:07:15 PM

* VPS: 150725-1, 07/25/2015

*

 

Infected files: 0

Total files: 3509

Total folders: 1

Total size: 9.0 GB

 

*

* Scan stopped: Sunday, July 26, 2015 10:07:36 PM

* Run-time was 0 second(s)

*

 

*

* Avast Scan Report

* This file is generated automatically

*

* Scan name: Full system scan

* Started on: Sunday, July 26, 2015 10:08:56 PM

* VPS: 150725-1, 07/25/2015

*

 

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)

C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)

D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)

Infected files: 2

Total files: 562523

Total folders: 50568

Total size: 395.3 GB

 

*

* Scan stopped: Monday, July 27, 2015 12:41:41 AM

* Run-time was 2 hour(s), 32 minute(s), 32 second(s)

*

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015

Ran by Joseph at 2015-07-27 12:00:49 Run:2

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()

HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)

HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)

HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe

ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File

BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

Handler: javascript - No CLSID Value - 

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)

S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)

R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)

S2 adfs; No ImagePath

2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit

2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial

2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit

2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit

2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe

2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c

2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION

Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION

Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION

Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION

Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION

Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"

Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\

Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION

Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION

Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION

Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)

Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)

Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION

Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION

Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

RemoveProxy:

Hosts:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

 

Processes closed successfully.

Restore point was successfully created.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ATT-SST_UninstallTracking => value removed successfully.

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value not found.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value removed successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0MediaIconsOerlay" => key removed successfully.

HKCR\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} => key not found. 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 

"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}" => key removed successfully.

HKCR\CLSID\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} => key not found. 

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 

HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => key removed successfully.

HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 

HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value not found.

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.

HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found. 

"HKCR\PROTOCOLS\Handler\javascript" => key removed successfully.

HKCR\PROTOCOLS\Handler\viprotocol => key not found. 

HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value removed successfully.

HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found. 

"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.

C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.

"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => key removed successfully.

C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.

"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml" => not found.

"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml" => not found.

"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml" => not found.

"C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml" => not found.

"C:\Program Files\mozilla firefox\searchplugins\searchme.xml" => not found.

"C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.

C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] => not found.

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Error, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Update, Bad md5 or size: akadomains, 11, 

Error, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Update, Bad md5 or size: akaips, 11, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.22.1, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.27.5, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1, 

Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.27.2, 

Update, 7/27/2015 12:07:46 PM, SYSTEM, JOSEPH-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.27.5, 

Update, 7/27/2015 3:16:20 PM, SYSTEM, JOSEPH-PC, Manual, Malware Database, 2015.7.27.5, 2015.7.27.7, 

Error, 7/27/2015 6:02:07 PM, SYSTEM, JOSEPH-PC, Protection, IsLicensed, 13, 

Protection, 7/27/2015 6:02:08 PM, SYSTEM, JOSEPH-PC, Protection, Malware Protection, Stopping, 

Protection, 7/27/2015 6:02:08 PM, SYSTEM, JOSEPH-PC, Protection, Malware Protection, Stopped, 

 

(end)

 

[DanoNH]

You're most welcome.  Well we have some further progress it seems, but we still have work to do here.   I have some questions/requests for you:

1. Did you tell Avast to Apply the "Fix Automatically" action to the items it found?  If not, please do so.
    
2. The Malwarebytes log looks like a Protection Log, not a Scan Log.  Did you complete a scan with it?  If not, please do so and in either case, please post the contents of the most recent Scan Log.  It normally will open a text document when it's done which you can copy/paste from.
   1. The log is also automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs. 
       
   2. Choose the latest Scan Log:
      
      
       
   3. In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
      
      
       
   4. Copy/Paste the contents of the MBAM log back here for review.

 

Also, the FRST fix partially ran, but something interrupted it.  I am working on something to address that now. 

[Jvescov1]

yes everything was on fix auto i believe. here are the contents of a mbam.

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/28/2015

Scan Time: 2:02:43 AM

Logfile: mba.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.07.28.02

Rootkit Database: v2015.07.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: Joseph

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 383719

Time Elapsed: 2 hr, 59 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Deep Rootkit Scan: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[DanoNH]

OK, the MBAM log looks clean, which is good.  We still have some work for FRST to do so here so hang in there. 
 
Now
Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop.   fixlist.txt   6.61KB   176 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
   
• Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
   
• Disable Avast by right-clicking on the System Tray icon and selecting Avast Shields Control > Disable until computer is restarted
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
   
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
   
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

 

[DanoNH]

If you haven't run the FRST fix yet, please use this fixlist.txt file:  fixlist.txt   6.59KB   143 downloads

 

Also, you shouldn't need to disable Avast but you can if you like...

[Jvescov1]

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015

Ran by Joseph (2015-07-29 21:19:40) Run:3

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)

S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)

R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)

S2 adfs; No ImagePath

2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit

2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial

2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit

2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit

2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe

2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c

2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION

Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION

Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION

Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION

Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION

Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"

Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\

Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION

Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION

Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION

Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)

Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)

Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION

Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION

Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

RemoveProxy:

Hosts:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

[DanoNH]

Hi, we don't normally request this, but can you please attach the fixlog.txt file to a reply?

[DanoNH]

Let's try this one more time...    Sorry for the iterations with FRST here but there is an issue that hopefully this round will confirm.

 

Now
Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop.  fixlist.txt   5.7KB   197 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
   
• Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
   
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
   
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Next

Reset/Refresh Mozilla Firefox
NOTE: Your bookmarks will be lost.  If you wish to backup your Firefox bookmarks, see here.

• Open Firefox
• Goto the three stripes icon in the upper right corner, which looks like this:
• In the bottom right of the menu that opens, click on the Blue question mark
• Select Troubleshooting Information in the menu
• Click the Refresh Firefox button
• Confirm Refresh Firefox again at the prompt
• Note: Old data from Firefox will be placed on your Windows Desktop in a folder called Old Firefox data. Delete this folder.