
Help please! Computer affected! Cannot run any anti-virus [Sol


#1
solesister

  • Member
  • 29 posts
Hi Experts,
 
My HP computer, running Windows 7 with a 64-bit operating system, cannot run any anti-virus. I have McAfee LiveSafe – Internet Security, but it cannot run. I also tried to download other anti-virus programs, but they cannot install. It looks like someone is using my Apple ID to buy a product named CoPilot Premium HD from the iTunes Store, as I just received an invoice via email.

I installed Farbar Recovery Scan Tool and FRST.txt is as attached. I do not know what I should do next.
 
Thanks in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by User (administrator) on USER-HP (26-09-2015 15:49:02)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Yan_Button & OSD\FastUserSwitching.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Yan_Button & OSD\YANOSD.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(SafeKey) C:\Program Files (x86)\SafeKey\npmcafee.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10804768 2010-05-05] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-15] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Buttons & OSDs control application gen3] => c:\Program Files (x86)\Hewlett-Packard\Yan_Button & OSD\FastUserSwitching.exe [53248 2010-01-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2009-10-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-08-21] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [BackUp3900327047] => C:\Users\User\AppData\Roaming\BackUp3900327047.exe [435712 2009-07-14] ()
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-05-27]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9F9A820C-7B69-4B55-A540-C1ADC75FCCD8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EB2D1E50-2E1F-497B-B0A9-EEA735A3C0C5}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/CQALL/13
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {3A249EC2-1678-4071-85E7-196FA2D52C04} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {582AD449-C0A0-4A41-8809-E685918B79A0} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {82207969-DD22-4768-A113-17883D0E5A39} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {3A249EC2-1678-4071-85E7-196FA2D52C04} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {582AD449-C0A0-4A41-8809-E685918B79A0} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {82207969-DD22-4768-A113-17883D0E5A39} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> DefaultScope {5DB5B3BE-8F77-42B6-9BD4-97B5E88BB504} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=B011AU105D20150527&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {26BBCD27-7FAC-44B7-A66A-CEE9D8807D6C} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {3A249EC2-1678-4071-85E7-196FA2D52C04} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {3FA76A27-2549-4A07-9BD7-3F465B0A6440} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=B011AU105D20150331&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {582AD449-C0A0-4A41-8809-E685918B79A0} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {5DB5B3BE-8F77-42B6-9BD4-97B5E88BB504} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=B011AU105D20150527&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {82207969-DD22-4768-A113-17883D0E5A39} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-27] (McAfee)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
BHO-x32: No Name -> {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-27] (McAfee)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-05-27] (McAfee)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - No File
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-05-27] (McAfee)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.1.7 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2012-10-25] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2012-07-24] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.7\Bin\npSSOAxCtrlForPTLogin.dll [2013-05-23] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-05-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=a13251-155&t=4
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR DefaultSearchURL: Default -> hxxps://au.search.yahoo.com/search?fr=mcafee&type=B211AU105D20150331&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-05-28]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-20] (Hewlett-Packard Company) [File not signed]
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0177761443167264mcinstcleanup; C:\Windows\TEMP\017776~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-18] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2011-06-23] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2011-06-23] (Nicomsoft Ltd.) [File not signed]
S3 BS3900327047; \??\C:\Users\User\AppData\Local\Temp\NTFS.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 15:49 - 2015-09-26 15:49 - 00025311 _____ C:\Users\User\Downloads\FRST.txt
2015-09-26 15:47 - 2015-09-26 15:49 - 00005613 _____ C:\Windows\system32\DB3900327047
2015-09-26 14:34 - 2015-09-26 14:34 - 00000000 ____D C:\Users\User\Downloads\mbam-chameleon-3.1.25.0
2015-09-26 14:33 - 2015-09-26 14:33 - 06383209 _____ C:\Users\User\Downloads\mbam-chameleon-3.1.25.0.zip
2015-09-26 14:21 - 2015-09-26 15:49 - 00000000 ____D C:\FRST
2015-09-26 14:20 - 2015-09-26 14:20 - 02192384 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-09-26 13:18 - 2015-09-26 13:27 - 130050840 _____ (Microsoft Corporation) C:\Users\User\Downloads\msert.exe
2015-09-26 13:10 - 2015-09-26 13:10 - 08110016 _____ (McAfee, Inc.) C:\Users\User\Downloads\Setup_serial_Wf71vpCkbCodstY__wndOw2_key.exe
2015-09-26 09:31 - 2015-09-26 09:31 - 00611892 _____ C:\Windows\system32\CFG3900327047
2015-09-21 11:34 - 2015-07-24 16:17 - 00911224 _____ (CFCA) C:\Windows\system32\_npSecEditCtl.BOC.x86.dll
2015-09-21 11:34 - 2015-07-24 16:10 - 00887104 _____ (www.nitsc.cn) C:\Windows\system32\_KeyboardProtection.dll
2015-09-21 11:31 - 2015-09-21 11:32 - 01397792 _____ (CFCA) C:\Users\User\Documents\SecEdit.BOC (1).exe
2015-09-18 10:22 - 2015-09-26 11:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-18 10:22 - 2015-09-26 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-18 10:22 - 2015-09-18 10:22 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-08 12:58 - 2015-09-08 12:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CFCA
2015-09-08 12:58 - 2015-09-08 12:58 - 00000000 ____D C:\Program Files (x86)\CFCA
2015-09-08 12:56 - 2015-09-08 12:57 - 01397792 _____ (CFCA) C:\Users\User\Documents\SecEdit.BOC.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 15:45 - 2009-07-14 14:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 15:45 - 2009-07-14 14:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 15:02 - 2014-01-31 09:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-26 14:43 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\tracing
2015-09-26 12:26 - 2010-09-27 13:13 - 01313226 _____ C:\Windows\WindowsUpdate.log
2015-09-26 11:15 - 2015-07-20 11:51 - 00004348 _____ C:\Windows\setupact.log
2015-09-26 11:15 - 2014-02-05 20:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-09-26 11:15 - 2014-01-31 09:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 11:15 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 11:14 - 2015-05-27 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-26 11:14 - 2014-01-31 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-26 11:14 - 2013-08-22 17:56 - 00000000 ____D C:\Windows\Minidump
2015-09-26 11:14 - 2013-03-14 22:14 - 00000000 ____D C:\ProgramData\FLEXnet
2015-09-26 11:14 - 2013-03-14 16:24 - 00000000 ____D C:\ProgramData\Skype
2015-09-26 11:14 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-26 11:14 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-09-26 09:13 - 2013-03-09 07:41 - 00400084 _____ C:\Windows\PFRO.log
2015-09-26 09:13 - 2013-03-09 07:41 - 00322906 ____N C:\Windows\Minidump\092615-22292-01.dmp
2015-09-25 15:59 - 2013-03-14 16:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-09-25 15:58 - 2014-02-15 20:39 - 00000000 ____D C:\Users\User\Documents\D90
2015-09-25 14:33 - 2009-07-14 15:13 - 00796746 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-23 14:56 - 2015-06-29 13:32 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-22 16:00 - 2015-05-27 22:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-21 00:02 - 2010-09-27 13:24 - 00000000 ____D C:\ProgramData\PDFC
2015-09-17 07:57 - 2014-01-31 09:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 07:57 - 2014-01-31 09:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 11:35 - 2013-06-19 15:03 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-09-04 07:09 - 2013-03-16 19:08 - 00000000 ____D C:\ProgramData\McAfee
2015-09-04 07:04 - 2015-05-27 22:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-30 13:38 - 2009-07-14 14:45 - 03027464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-27 21:59 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-27 18:43 - 2013-03-08 13:58 - 00117376 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-27 17:32 - 2013-03-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2015-05-27 22:36 - 2015-05-27 22:36 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2009-07-14 09:19 - 2009-07-14 11:14 - 0435712 _____ () C:\Users\User\AppData\Roaming\BackUp3900327047.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 14:10

==================== End of FRST.txt ============================


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi do you recognise this programme ?  C:\Users\User\AppData\Roaming\BackUp3900327047.exe

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [AdobeBridge] => [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO-x32: No Name -> {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM-x32 - No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.1.7 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2012-10-25] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2012-07-24] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.7\Bin\npSSOAxCtrlForPTLogin.dll [2013-05-23] (Tencent)
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=a13251-155&t=4
S3 BS3900327047; \??\C:\Users\User\AppData\Local\Temp\NTFS.sys [X]
2015-09-26 15:47 - 2015-09-26 15:49 - 00005613 _____ C:\Windows\system32\DB3900327047
2015-09-26 09:31 - 2015-09-26 09:31 - 00611892 _____ C:\Windows\system32\CFG3900327047
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

#3
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for your precious time at the weekend. I am away at the moment. Will be back home in 3 days and will follow up your instruction as soon as I get home. Please do not close the topic.
Thanks a lot!

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

No problem ... See you Wednesday or thereabouts :)



#5
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Do you recognise this programme ?  C:\Users\User\AppData\Roaming\BackUp3900327047.exe 

 

No, I do not recognize this program. I had a look at this file information. Size is 425KB. It shows it is created and modified on 14/7/2009. I had not bought this desktop PC by that time. So I think this program is suspicious. What should I do with this file, delete it?

I had a try, still cannot run anti-virus.

The Fixlog.txt is as below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by User (2015-09-29 16:57:34) Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [AdobeBridge] => [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=a13251-155&apn_uid=6278355622354020&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO-x32: No Name -> {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM-x32 - No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.1.7 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-06-19] (Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2012-10-25] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2012-07-24] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.7\Bin\npSSOAxCtrlForPTLogin.dll [2013-05-23] (Tencent)
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=a13251-155&t=4
S3 BS3900327047; \??\C:\Users\User\AppData\Local\Temp\NTFS.sys [X]
2015-09-26 15:47 - 2015-09-26 15:49 - 00005613 _____ C:\Windows\system32\DB3900327047
2015-09-26 09:31 - 2015-09-26 09:31 - 00611892 _____ C:\Windows\system32\CFG3900327047
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => key not found. 
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => key not found. 
HKCR\Wow6432Node\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => value not found.
HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => value not found.
HKCR\Wow6432Node\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => key not found. 
HKCR\PROTOCOLS\Handler\livecall => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\PROTOCOLS\Handler\msnim => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@cfca.com/SecEditCtl.BOC,version=1.0.1.7 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome => key not found. 
C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall => key not found. 
C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx => key not found. 
C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic => key not found. 
C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => key not found. 
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.7\Bin\npSSOAxCtrlForPTLogin.dll => not found.
Chrome HomePage => not found.
BS3900327047 => service not found.
C:\Windows\system32\DB3900327047 => moved successfully
C:\Windows\system32\CFG3900327047 => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 17.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 

==== End of Fixlog 16:59:52 ==== 



#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope I will remove it

Try the AV after the FRST reboot

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [BackUp3900327047] => C:\Users\User\AppData\Roaming\BackUp3900327047.exe [435712 2009-07-14] ()
2009-07-14 09:19 - 2009-07-14 11:14 - 0435712 _____ () C:\Users\User\AppData\Roaming\BackUp3900327047.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

#7
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

The fixlog.exe is as below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by User (2015-09-30 08:00:04) Run:3
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\Run: [BackUp3900327047] => C:\Users\User\AppData\Roaming\BackUp3900327047.exe [435712 2009-07-14] ()
2009-07-14 09:19 - 2009-07-14 11:14 - 0435712 _____ () C:\Users\User\AppData\Roaming\BackUp3900327047.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackUp3900327047 => value removed successfully
C:\Users\User\AppData\Roaming\BackUp3900327047.exe => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 18.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:02:25 ====


#8
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Downloaded aswmbr.exe, but cannot run as administrator.



#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm there is something I am not seeing

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


#10
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for your professional help.
When I turned on this computer this morning, the Startup Repair automatically ran. I took the pictures as attached. I am not sure if it's a virus pretending to be a System program.



#11
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Followed the link "How to Disable your Security Programs", but no access to disable McAfee. Cannot open McAfee Security Center. Seems like McAfee is disabled anyway. :)

Double clicked ComboFix.exe, it did run, but no log produced. Had a search on the computer, no result found.

Still cannot run McAfee.

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will uninstall McAfee so ensure that you have the licence data backed up first :)

Once done download the McAfee removal tool from here http://us.mcafee.com...s/mcpr/mcpr.asp to your desktop
From Control Panel > Programmes and Features uninstall McAfee
After the reboot run mcpr.exe that is on the desktop


Then download a fresh copy of McAfee and try an install

If you purchased your software directly from McAfee, go to https://home.mcafee....cted/Login.aspx to log in and download your software.
AT&T users, go to https://uversecentra...myhome/mam/ISS/.
Cox users, go to http://www.cox.net.
DELL users, go to https://us.mcafee.co...n.asp?affid=105.
MSN users, go to http://membercenter.msn.com.
AOL users, search on keyword: Safety (http://daol.aol.com/safetycenter). On the AOL Safety & Security page, click Download Now.

#13
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Good morning dear teacher,

From Control Panel>Program, cannot uninstall McAfee. But HP Games is uninstalled successfully when I try this program. :)

Cannot run mcpr.exe that is on the desktop.



#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK do you have a spare USB drive/flash drive ?

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)

  • Press select objects for scanning

  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • When it has completed

  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here


#15
solesister

solesister

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Good evening teacher. Thanks for your patient help!

But I have trouble understanding "Registering the plugging in event takes no more than 10 seconds".

 

Should I download Dr Web Live USB to the desktop first, or directly download to USB?


Edited by solesister, 02 October 2015 - 06:00 AM.
