Possible Conflicting Protection? [Closed]


  • This topic is locked

#76
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Were you able to install Avast!?


  • 0



#77
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Yes, I did everything, including the scan. It finished; I clicked all tabs, including generate report, and everything. Nothing popped up. I'm just sitting on the apply fixes screen with about 7 or so things that need "fixes".


  • 0

#78
Jvescov1

    Member

  • Topic Starter
  • 59 posts

This is what I'm looking at, if it helps:
207ay3a.jpg


  • 0

#79
Jvescov1

    Member

  • Topic Starter
  • 59 posts

:spoton: Figured out the Avast.

 

 

*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Saturday, July 25, 2015 11:29:15 AM
* VPS: 150725-0, 07/24/2015
*
 
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\Users\Joseph\Favorites\?£sorted Bookmarks\OOTP 6 Generated Website.url [L] INI:Shortcut-inf [Trj] (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121103031808-l.list [L] HTML:Fraud-J (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121031200329-m.list [L] HTML:Fraud-J (0)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121102165909-m.list [L] HTML:Includer-I [Trj] (0)
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir [L] Win32:Aluroot-E [Rtk] (0)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
Infected files: 7
Total files: 561177
Total folders: 50537
Total size: 395.3 GB
 
*
* Scan stopped: Saturday, July 25, 2015 1:48:45 PM
* Run-time was 2 hour(s), 19 minute(s), 19 second(s)
*

  • 0

#80
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

The log shows that you stopped the scan:

 

* Scan stopped: Saturday, July 25, 2015 1:48:45 PM
* Run-time was 2 hour(s), 19 minute(s), 19 second(s)

 

Can I ask why you stopped it?

 


  • 0

#81
Jvescov1

    Member

  • Topic Starter
  • 59 posts

I didn't stop it; I came back and it was done, where I was able to apply fixes and view report.


  • 0

#82
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, we can remove all 7 of those items in your Avast! screen shot.  But I'd like you to change the Avast! settings to include Potentially Unwanted Programs (PUPs):

 

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"
pups.JPG

 

Then run another full scan and post the scan log for that one please.

 

 

Next

Let's try to run the FRST fix again

  • Download the attached fixlist.txt file and save it to the Desktop: Attached File  fixlist.txt   9.9KB   29 downloads

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Disable your Anti-Virus/Anti-Spyware protection software.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Next

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
     
  • If an update is found, it should download and install the latest updates automatically:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM_ScanSettings_zpsobmtmm4g.png
     
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • The scan may take some time to finish, so please be patient.
    MBAM_Scanning_zps7ytxgci2.png
     
  • When the scan is complete, it will show you the results:
    MBAM_Remove_zpszsjiczt4.png
     
  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log:
    MBAM_ScanLog_zpslkvxr7dk.png
     
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
    MBAM_ExportLog_zpswbzi1y40.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • Avast scan log with PUPs included
  • FRST fixlog.txt
  • MBAM log

 

And tell me how the system is running. :)


  • 0

#83
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Here you go, thanks for your continued help!

 

*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Saturday, July 25, 2015 11:29:15 AM
* VPS: 150725-0, 07/24/2015
*
 
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\Users\Joseph\Favorites\?£sorted Bookmarks\OOTP 6 Generated Website.url [L] INI:Shortcut-inf [Trj] (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121103031808-l.list [L] HTML:Fraud-J (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121031200329-m.list [L] HTML:Fraud-J (0)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)
C:\Users\Joseph\AppData\Local\blekkotb_005\data\121102165909-m.list [L] HTML:Includer-I [Trj] (0)
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir [L] Win32:Aluroot-E [Rtk] (0)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
Infected files: 7
Total files: 561177
Total folders: 50537
Total size: 395.3 GB
 
*
* Scan stopped: Saturday, July 25, 2015 1:48:45 PM
* Run-time was 2 hour(s), 19 minute(s), 19 second(s)
*
 
*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Sunday, July 26, 2015 10:07:15 PM
* VPS: 150725-1, 07/25/2015
*
 
Infected files: 0
Total files: 3509
Total folders: 1
Total size: 9.0 GB
 
*
* Scan stopped: Sunday, July 26, 2015 10:07:36 PM
* Run-time was 0 second(s)
*
 
*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Sunday, July 26, 2015 10:08:56 PM
* VPS: 150725-1, 07/25/2015
*
 
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EOQT8WW\in[1].htm [L] HTML:Iframe-inf (0)
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFGKYS58\in[2].htm [L] HTML:Iframe-inf (0)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
Infected files: 2
Total files: 562523
Total folders: 50568
Total size: 395.3 GB
 
*
* Scan stopped: Monday, July 27, 2015 12:41:41 AM
* Run-time was 2 hour(s), 32 minute(s), 32 second(s)
*
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Joseph at 2015-07-27 12:00:49 Run:2
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S2 adfs; No ImagePath
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ATT-SST_UninstallTracking => value removed successfully.
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0MediaIconsOerlay" => key removed successfully.
HKCR\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}" => key removed successfully.
HKCR\CLSID\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} => key not found. 
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => key removed successfully.
HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found. 
"HKCR\PROTOCOLS\Handler\javascript" => key removed successfully.
HKCR\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value removed successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found. 
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml" => not found.
"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml" => not found.
"C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml" => not found.
"C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\searchplugins\searchme.xml" => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] => not found.
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Error, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Update, Bad md5 or size: akadomains, 11, 
Error, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Update, Bad md5 or size: akaips, 11, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.22.1, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.27.5, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1, 
Update, 7/27/2015 12:07:43 PM, SYSTEM, JOSEPH-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.27.2, 
Update, 7/27/2015 12:07:46 PM, SYSTEM, JOSEPH-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.27.5, 
Update, 7/27/2015 3:16:20 PM, SYSTEM, JOSEPH-PC, Manual, Malware Database, 2015.7.27.5, 2015.7.27.7, 
Error, 7/27/2015 6:02:07 PM, SYSTEM, JOSEPH-PC, Protection, IsLicensed, 13, 
Protection, 7/27/2015 6:02:08 PM, SYSTEM, JOSEPH-PC, Protection, Malware Protection, Stopping, 
Protection, 7/27/2015 6:02:08 PM, SYSTEM, JOSEPH-PC, Protection, Malware Protection, Stopped, 
 
(end)
 

  • 0
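
The Avast reports in the post above can be compared mechanically; the following is an added example, not part of the thread and not Avast tooling. It treats `[L]` lines as detections and `[E]` lines as files the scanner could not open, drops runs shorter than an assumed 60-second threshold (such as the 0-second report), and diffs the first and last full scans. The sample is constructed, with shortened hypothetical paths.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three abridged reports in the layout posted above
# (paths shortened and hypothetical; the second report is the 0-second run).
SAMPLE = r"""
* Avast Scan Report
* Scan name: Full system scan
* Started on: Saturday, July 25, 2015 11:29:15 AM

C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\Users\Example\Favorites\site.url [L] INI:Shortcut-inf [Trj] (0)
C:\Users\Example\AppData\Local\toolbar\data\a.list [L] HTML:Fraud-J (0)
C:\Windows\Temp\in[1].htm [L] HTML:Iframe-inf (0)
Infected files: 3
Total files: 561177

* Scan stopped: Saturday, July 25, 2015 1:48:45 PM
* Run-time was 2 hour(s), 19 minute(s), 19 second(s)

* Avast Scan Report
* Scan name: Full system scan
* Started on: Sunday, July 26, 2015 10:07:15 PM

Infected files: 0
Total files: 3509

* Scan stopped: Sunday, July 26, 2015 10:07:36 PM
* Run-time was 0 second(s)

* Avast Scan Report
* Scan name: Full system scan
* Started on: Sunday, July 26, 2015 10:08:56 PM

C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\Temp\in[1].htm [L] HTML:Iframe-inf (0)
Infected files: 1
Total files: 562523

* Scan stopped: Monday, July 27, 2015 12:41:41 AM
* Run-time was 2 hour(s), 32 minute(s), 32 second(s)
"""

# "<path> [E|L] <message> (<code>)"; the path itself may contain brackets, e.g. in[1].htm
ITEM = re.compile(r"^(?P<path>.+?) \[(?P<kind>[EL])\] (?P<msg>.*) \((?P<code>\d+)\)$")
UNIT = {"hour": 3600, "minute": 60, "second": 1}

@dataclass
class Report:
    started: str = ""
    runtime_s: int = 0
    infected: int = -1
    total_files: int = -1
    detections: dict = field(default_factory=dict)  # path -> detection name
    errors: dict = field(default_factory=dict)      # path -> OS error code

def parse_reports(text):
    """Split concatenated reports on their header line and parse each one."""
    reports = []
    for chunk in text.split("* Avast Scan Report")[1:]:
        r = Report()
        for line in (l.strip() for l in chunk.splitlines()):
            m = ITEM.match(line)
            if m and m["kind"] == "L":
                r.detections[m["path"]] = m["msg"]
            elif m:  # [E]: file could not be opened, not a detection
                r.errors[m["path"]] = int(m["code"])
            elif line.startswith("* Started on:"):
                r.started = line.split(":", 1)[1].strip()
            elif line.startswith("* Run-time was"):
                r.runtime_s = sum(int(n) * UNIT[u] for n, u in
                                  re.findall(r"(\d+) (hour|minute|second)\(s\)", line))
            elif line.startswith("Infected files:"):
                r.infected = int(line.split(":")[1])
            elif line.startswith("Total files:"):
                r.total_files = int(line.split(":")[1])
        reports.append(r)
    return reports

def full_scans(reports, min_runtime_s=60):
    """Drop runs too short to have covered the disk (threshold is an assumption)."""
    return [r for r in reports if r.runtime_s >= min_runtime_s]

def summarize(text):
    """Diff detections between the first and last full scan in the text."""
    reports = parse_reports(text)
    scans = full_scans(reports)
    if len(scans) < 2:
        raise ValueError("need two full scans to compare")
    before, after = set(scans[0].detections), set(scans[-1].detections)
    return {"reports": len(reports), "full_scans": len(scans),
            "cleared": sorted(before - after), "remaining": sorted(before & after),
            "new": sorted(after - before),
            "counts_consistent": all(r.infected == len(r.detections) for r in scans)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```
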

#84
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

You're most welcome.  Well we have some further progress it seems, but we still have work to do here.   I have some questions/requests for you:

  1. Did you tell Avast to Apply the "Fix Automatically" action to the items it found?  If not, please do so.
     
  2. The Malwarebytes log looks like a Protection Log, not a Scan Log.  Did you complete a scan with it?  If not, please do so and in either case, please post the contents of the most recent Scan Log.  It normally will open a text document when it's done which you can copy/paste from.
    1. The log is also automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs
       
    2. Choose the latest Scan Log:

      MBAM_ScanLog_zpslkvxr7dk.png
       
    3. In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.

      MBAM_ExportLog_zpswbzi1y40.png
       
    4. Copy/Paste the contents of the MBAM log back here for review.

 

Also, the FRST fix partially ran, but something interrupted it.  I am working on something to address that now. 


  • 0

#85
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Yes, everything was on fix auto, I believe. Here are the contents of a mbam.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/28/2015
Scan Time: 2:02:43 AM
Logfile: mba.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.28.02
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Joseph
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383719
Time Elapsed: 2 hr, 59 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0



#86
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, the MBAM log looks clean, which is good.  We still have some work for FRST to do here, so hang in there.  :)
 
Now
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop: Attached File  fixlist.txt   6.61KB   58 downloads

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
     
  • Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Disable Avast by right-clicking on the System Tray icon and selecting Avast Shields Control > Disable until computer is restarted
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
     
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
     
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

 


  • 0

#87
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

If you haven't run the FRST fix yet, please use this fixlist.txt file: Attached File  fixlist.txt   6.59KB   37 downloads

 

Also, you shouldn't need to disable Avast but you can if you like... :)


  • 0

#88
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
Ran by Joseph (2015-07-29 21:19:40) Run:3
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S2 adfs; No ImagePath
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

  • 0

#89
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hi, we don't normally request this, but can you please attach the fixlog.txt file to a reply?


  • 0

#90
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Let's try this one more time...  :)  Sorry for the iterations with FRST here but there is an issue that hopefully this round will confirm.

 

Now
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.)
     
  • Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
     
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
     
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Next

Reset/Refresh Mozilla Firefox
NOTE: Your bookmarks will be lost.  If you wish to back up your Firefox bookmarks, see here.

  • Open Firefox
  • Go to the three stripes icon in the upper right corner
  • In the bottom right of the menu that opens, click on the Blue question mark
  • Select Troubleshooting Information in the menu
  • Click the Refresh Firefox button
  • Confirm Refresh Firefox again at the prompt
  • Note: Old data from Firefox will be placed on your Windows Desktop in a folder called Old Firefox data. Delete this folder.

 

 

 


  • 0





