
Cannot connect to proxy server [Closed] [Solved]

Vista 64 Internet connectivity Dell Inspiron 15 Wifi card

  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Regarding installation of the Speed Dial program -- Nothing has been installed by us during this cleaning process. The computer has been sitting, powered on, waiting for instructions from you. Wondering if this is just something that was missed earlier or if there is something else going on?

Yup - there is definitely something else going on because I see the install date is 7/15/15. I received an error saying the program was already uninstalled. I sorted my installed programs by date of install and discovered that a Dell Update and Dell Support Assistant were also updated/installed yesterday.


I thought perhaps I had missed that program when I first analyzed the logs, but it didn't appear in the initial set of logs. However, the infection that affected Chrome reduces its security. Sometimes it'll install things that ordinarily would have to ask you permission first. The Dell Updates are ok, as they are legitimate.
 

Chrome has been uninstalled and reinstalled.


:thumbsup:



On another topic -- I am attempting to clean up my daughter's computer. It was infected with some crap. I'm not sure it is totally clean. Would you mind taking a look in this thread or should I just start a new one??


Let's finish up this one, and we'll start on your daughter's in this thread. Once this one is finished, I'll get some logs and we'll go from there. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please start Malwarebytes and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0


#17
blondie53185

    Member

  • Topic Starter
  • 106 posts

Hi - When I started Antimalwarebytes, it prompted me to update the program.  Unfortunately, I did without realizing I shouldn't have. When I attempted to update the database afterward, it wouldn't do it. I ran the scan with your instructions and will post the log below. After the first scan was complete, I was able to update the database. I ran another scan with your instructions. That log is posted here as MBAB2 below.

 

For the second step, this computer does not have IE installed and I cannot get the Firefox browser program to open. Can I run ESET in Chrome or should I download the latest version of IE?  Please advise as I am stuck right now!   :wacko:

 

MBAB1:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/18/2015
Scan Time: 6:15 AM
Logfile: mbab1.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Janice
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 606090
Time Elapsed: 3 hr, 16 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [d37cf6c08a001a1c956a3b45d33226da], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}, Quarantined, [cd82a0165733be78eda9c3b9e81d32ce], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{951DA352-D38E-456A-84B6-2E0F0BA0A156}, Quarantined, [202fd8de4e3c57df880ee795f015f808], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}, Quarantined, [f659ad099bef78beafe7b1cb1fe6d62a], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}, Quarantined, [fe51b8fe6a2057dff0a6bcc04abb9a66], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B6A88628-857A-43AE-8AAB-140C0A3FC011}, Quarantined, [ea65ffb7b0da56e0b7dfcab2e520649c], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5E0F32A-6CB6-4CFB-8625-73FC2C225282}, Quarantined, [92bde9cdcdbd3df9deb86f0d57ae19e7], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [193670463f4b5bdba45bbcc4bc4954ac], 
 
Registry Values: 8
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [d37cf6c08a001a1c956a3b45d33226da]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44db423d-a0db-4664-9477-ccdceb7cd666}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, Quarantined, [cd82a0165733be78eda9c3b9e81d32ce]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{951da352-d38e-456a-84b6-2e0f0ba0a156}|AppPath, C:\Program Files (x86)\Maps4PC_0c\bar\1.bin, Quarantined, [202fd8de4e3c57df880ee795f015f808]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a5c9cb1c-1c0a-45a2-81cc-1dd342d0a478}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, Quarantined, [f659ad099bef78beafe7b1cb1fe6d62a]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a661d4dc-4bd8-48fc-964b-a24ab8157de6}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, Quarantined, [fe51b8fe6a2057dff0a6bcc04abb9a66]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b6a88628-857a-43ae-8aab-140c0a3fc011}|AppPath, C:\Program Files (x86)\Maps4PC_0c\bar\1.bin, Quarantined, [ea65ffb7b0da56e0b7dfcab2e520649c]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5e0f32a-6cb6-4cfb-8625-73fc2c225282}|AppPath, C:\Program Files (x86)\Maps4PC_0c\bar\1.bin, Quarantined, [92bde9cdcdbd3df9deb86f0d57ae19e7]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [193670463f4b5bdba45bbcc4bc4954ac]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [f956c5f1fc8e00366ff5673bb25109f7], 
 
Files: 7
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\deeAl4mE\deeAl4mE.exe.vir, Quarantined, [1f30a6103f4bcd69ae2d73c3cb37f907], 
PUP.Optiona.ConduitTB.Gen, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elf_1\prxtbElf_.dll.vir, Quarantined, [2728f9bd0d7d9f97b68baac5e91db947], 
PUP.Optiona.ConduitTB.Gen, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elf_1\tbElf_.dll.vir, Quarantined, [e56addd9cac0092d231ef679739345bb], 
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Instair Speed Dial\Instair Speed Dial.exe.vir, Quarantined, [c08f486e2f5b64d253888caa976be61a], 
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SectionDouble\SectionDouble.dll, Quarantined, [ee61c8ee4d3dad89b3402a240cf6cb35], 
PUP.Optional.DownloadAdmin.C, C:\Users\Janice\Downloads\vlcmediaplayer-setup(2).exe, Quarantined, [26298d2992f80a2c6bbf2947af5720e0], 
PUP.Optional.DownloadAdmin.C, C:\Users\Janice\Downloads\vlcmediaplayer-setup.exe, Quarantined, [b49b6551c0ca71c5ed3d9fd18f77c937], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

MBAB2:

 


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/18/2015
Scan Time: 1:52 PM
Logfile: mbab2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.18.03
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Janice
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415369
Time Elapsed: 44 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [9aa1c61dd4b62c0a1438c4d1758f06fa], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

For the second step, this computer does not have IE installed and I cannot get the Firefox browser program to open. Can I run ESET in Chrome or should I download the latest version of IE? Please advise as I am stuck right now!


Hello :)

That's fine with MBAM, the logs look good, as everything they found has been quarantined. :thumbsup:

For now, go ahead and install IE to run ESET. What is occurring when you try to open Firefox?
  • 0

#19
blondie53185

    Member

  • Topic Starter
  • 106 posts

Arg! We are so close and I cannot install IE. This is the link I am downloading from http://windows.micro...rer/download-ie. When I go to run, it says a newer version is in the middle of installing. I searched in the remove program window and IE isn't listed there.

 

With FF, no matter if I click a shortcut or attempt to start it through the programs menu, absolutely nothing happens - even if I right click to start as Admin.

 

S O S 


  • 0

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

With FF, no matter if I click a shortcut or attempt to start it through the programs menu, absolutely nothing happens - even if I right click to start as Admin.


Ok, uninstall it, and then reinstall a fresh copy. :thumbsup:

You can find the latest version here: https://www.mozilla....e=2#download-fx
  • 0

#21
blondie53185

    Member

  • Topic Starter
  • 106 posts

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fc7534cec641da4c968ff2651b2e62b2
# end=init
# utc_time=2015-07-19 12:30:39
# local_time=2015-07-18 08:30:39 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24869
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fc7534cec641da4c968ff2651b2e62b2
# end=updated
# utc_time=2015-07-19 12:35:47
# local_time=2015-07-18 08:35:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fc7534cec641da4c968ff2651b2e62b2
# engine=24869
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-19 02:31:13
# local_time=2015-07-18 10:31:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 85 0 200771963 0 0
# scanned=265732
# found=14
# cleaned=0
# scan_time=6925
sh=AA7EA0195B57C42217D81081FAAD865B62AD649D ft=1 fh=c71c001184175fbe vn="a variant of Win32/Adware.MultiPlug.IX application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=CE232FB656EC7D6578DFBC7B8D5D0C61E2B74D09 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip"
sh=CE232FB656EC7D6578DFBC7B8D5D0C61E2B74D09 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip"
sh=06B0E97D9554E6330272B6EAF2630A95F1B9D623 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCE trojan" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\14d1d290-7e727e03"
sh=75D1BE730267A03D4C1954BD6BBB2EB7DEE804A8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\701b7961-60a0703f"
sh=82961301732E8AF889BDB1B7E50197C8B433BC5B ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NCM trojan" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-4e389548"
sh=06B0E97D9554E6330272B6EAF2630A95F1B9D623 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCE trojan" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-540f1c4c"
sh=F2CE83B267727AB32E0C1A36E1ECA550A6F9828D ft=0 fh=0000000000000000 vn="Java/Agent.EE trojan" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6f5908f2-78daeda0"
sh=06B0E97D9554E6330272B6EAF2630A95F1B9D623 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NCE trojan" ac=I fn="C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-40f1d485"
sh=EA8C6C03FA64078186E7CE44C12DCE29F78E3064 ft=1 fh=4cfc3d5b02cd0fb7 vn="Win32/Idmsq.A potentially unwanted application" ac=I fn="C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe"
sh=9D14F34EF23B45EBDC9A2912456C133F88116EB2 ft=1 fh=ed8e72b007af64b0 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Janice\Downloads\CuteWriter.exe"
sh=94F850FA5E86E6AB2BEE2552716C9491CA58354E ft=1 fh=546bb2a66f4e8a03 vn="Win32/Idmsq.A potentially unwanted application" ac=I fn="C:\Users\Janice\Downloads\IDM2-Windows-en-us.exe"
 
Checkup.txt

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Trend Micro AntiVirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US) 
 TuneUp Utilities 2013   
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (39.0) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

Seems to me there is still something going on. Should I have these 2 folders? 'program files (x86)' and 'PROGRAM FILES (X86) (X86)'?


  • 0

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Seems to me there is still something going on. Should I have these 2 folders? 'program files (x86)' and 'PROGRAM FILES (X86) (X86)'?


Yes, the Program Files (x86) is critical to the running of your machine. It provides you with the location for 32bit software. Your machine is running 64bit Windows 7. Not all applications or programs have a 64bit version of the program. This location allows your machine to run 32bit programs and applications on your machine.

The other one Program files (X86) (X86) appears to be left over from the uninstallation of a program and is usually harmless. Let's take a look and see if there's anything inside the folder.

I'd also like to check the services on the machine as it shows Windows Security Center is not running.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\14d1d290-7e727e03
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\701b7961-60a0703f
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-540f1c4c
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6f5908f2-78daeda0
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-40f1d485
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe
C:\Users\Janice\Downloads\CuteWriter.exe
C:\Users\Janice\Downloads\IDM2-Windows-en-us.exe
Folder: C:\PROGRAM FILES (X86) (X86)
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

FSS.txt Log

Fixlog.txt Log

  • 0
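
Added example, not part of the original thread and not ESET's or the helper's own tooling: a short Python triage of an ESET Online Scanner log.txt in the layout posted in #21. It checks that the pasted detection lines match the `found=` header and groups them by where the file sits and how ESET labels it. The field meanings (`sh` as a file hash, `vn` as the detection name, `fn` as the path), the bucket names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Detection-line layout as it appears in the log posted above.
# Field meanings are inferred, not taken from ESET documentation:
# sh = file hash (40 hex chars), vn = detection name, fn = file path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"\s*$'
)
HEADER_RE = re.compile(r'^#\s*(?P<key>\w+)=(?P<value>.*)$')

# Hypothetical triage buckets (lower-case path substrings).
QUARANTINE_MARKERS = (
    "\\adwcleaner\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
)
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"
PUA_SUFFIXES = (
    "potentially unwanted application",
    "potentially unsafe application",
)


def parse_eset_log(text):
    """Return (headers, detections, unparsed) for a pasted log.txt."""
    headers, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # The log repeats its header block; the last block wins.
            headers[header["key"]] = header["value"].strip()
            continue
        detection = DETECTION_RE.match(line)
        if detection:
            detections.append(detection.groupdict())
        elif line.startswith("sh="):
            # Looks like a detection but was cut off or mangled by the paste.
            unparsed.append(line)
    return headers, detections, unparsed


def classify(det):
    """Bucket one detection by where the file sits and how it is labelled."""
    path, name = det["fn"].lower(), det["vn"].lower()
    if any(marker in path for marker in QUARANTINE_MARKERS):
        return "other-tool-quarantine"   # copy held by another cleanup tool
    if JAVA_CACHE_MARKER in path:
        return "java-cache"              # file in the Java deployment cache
    if name.endswith(PUA_SUFFIXES):
        return "pua-or-unsafe"           # needs a human decision
    return "malware"


def triage(text):
    """Summarise a log: completeness check, buckets, repeated hashes."""
    headers, detections, unparsed = parse_eset_log(text)
    buckets, by_hash = defaultdict(list), defaultdict(list)
    for det in detections:
        buckets[classify(det)].append(det["fn"])
        by_hash[det["sh"].upper()].append(det["fn"])
    found = headers.get("found", "")
    reported = int(found) if found.isdigit() else None
    return {
        "reported_found": reported,
        "parsed": len(detections),
        # False means the paste lost lines or the header is missing.
        "complete": reported == len(detections) and not unparsed,
        "buckets": dict(buckets),
        "duplicates": {h: p for h, p in by_hash.items() if len(p) > 1},
        "unparsed": unparsed,
    }


def _sample_line(hash_char, ft, vn, fn):
    return (f'sh={hash_char * 40} ft={ft} fh=0000000000000000 '
            f'vn="{vn}" ac=I fn="{fn}"')


# Constructed sample: hashes and paths are placeholders, not from a real scan.
SAMPLE_LOG = "\n".join([
    "# end=finished",
    "# remove_checked=false",
    "# found=5",
    "# cleaned=0",
    _sample_line("1", 1, "a variant of Win32/Adware.MultiPlug.IX application",
                 r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\example.dll.vir"),
    _sample_line("2", 1, "a variant of Win32/HiddenStart.A potentially unsafe application",
                 r"C:\Program Files (x86)\Example Backup\hstart.exe"),
    _sample_line("3", 0, "a variant of Java/TrojanDownloader.OpenStream.NCE trojan",
                 r"C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\aaaa-bbbb"),
    _sample_line("3", 0, "a variant of Java/TrojanDownloader.OpenStream.NCE trojan",
                 r"C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\cccc-dddd"),
    _sample_line("4", 1, "Win32/Idmsq.A potentially unwanted application",
                 r"C:\Users\Example\Downloads\example-setup.exe"),
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("complete:", result["complete"])
    for bucket, paths in result["buckets"].items():
        print(bucket, len(paths))
```

A `complete` value of False is the cue to ask for the log again before building a fixlist from it.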

#23
blondie53185

    Member

  • Topic Starter
  • 106 posts

FSS.log

Farbar Service Scanner Version: 17-01-2015
Ran by Janice (administrator) on 19-07-2015 at 09:59:34
Running from "C:\Users\Janice\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Janice at 2015-07-19 10:05:17 Run:2
Running from F:\
Loaded Profiles: Janice (Available Profiles: Janice)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-6097087-3349055275-674374335-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-6097087-3349055275-674374335-1000] => http=127.0.0.1:49309;https=127.0.0.1:49309
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
SearchScopes: HKLM-x32 -> {2e51ec4e-2fa9-40fa-9007-2411de34e7ca} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2418376
SearchScopes: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> {2e51ec4e-2fa9-40fa-9007-2411de34e7ca} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> {59365E44-D5A1-4690-9826-C134F0E26115} URL = http://websearch.ask...D0-C625B5E9F6CA
SearchScopes: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://www.ask.com/w...q={searchTerms}
SearchScopes: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80737&lng=en
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
Toolbar: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File
Toolbar: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-6097087-3349055275-674374335-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF SearchPlugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\alot-search.xml [2011-05-18]
FF SearchPlugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\askcom.xml [2013-06-22]
FF SearchPlugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\mywebsearch.xml [2011-02-14]
FF SearchPlugin: C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\searchalot.xml [2010-06-16]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Janice\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
R2 70e6ca8c; c:\Program Files (x86)\optimizer pro\optprocrash.dll [3618760 2014-06-02] ()
AppInit_DLLs: C:\PROGRA~2\Optimizer Pro\OptProCrash_x64.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2720144 2014-06-02] ()
AppInit_DLLs-x32: c:\progra~2\optimizer pro\optprocrash.dll => c:\Program Files (x86)\optimizer pro\optprocrash.dll [3618760 2014-06-02] ()
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\ProgramData\ql55tCu4.dat
Task: {1FF7FE9B-38FD-4C2F-AB1A-6A244090BDF1} - System32\Tasks\f88b1100 => C:\Users\Janice\AppData\Local\Temp\\setup3479592512.exe <==== ATTENTION
Task: {2BB45CAF-2D4E-4C26-ADE6-442172C96775} - System32\Tasks\4c855a80 => C:\Users\Janice\AppData\Local\Temp\\setup678974272.exe <==== ATTENTION
Task: {6213FA80-B50E-4B64-A383-461D60D21191} - System32\Tasks\4b5fba00 => C:\Users\Janice\AppData\Local\Temp\\setup592524416.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca} => key not found. 
HKCR\Wow6432Node\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
HKCR\Wow6432Node\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca} => key not found. 
HKCR\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59365E44-D5A1-4690-9826-C134F0E26115} => key not found. 
HKCR\CLSID\{59365E44-D5A1-4690-9826-C134F0E26115} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => key not found. 
HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found. 
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{22e03916-85c5-44b0-8dc9-1830c11238d9} => value not found.
HKCR\Wow6432Node\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value not found.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} => value not found.
HKCR\CLSID\{37153479-1976-43C3-A1EE-557513977B64} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-6097087-3349055275-674374335-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
"C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\alot-search.xml" => not found.
"C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\askcom.xml" => not found.
"C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\mywebsearch.xml" => not found.
"C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\2rc743pj.default\searchplugins\searchalot.xml" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => key not found. 
70e6ca8c => Service not found.
"C:\PROGRA~2\Optimizer Pro\OptProCrash_x64.dll" => value data not found.
"c:\progra~2\optimizer pro\optprocrash.dll" => value data not found.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service not found.
"C:\ProgramData\ql55tCu4.dat" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF7FE9B-38FD-4C2F-AB1A-6A244090BDF1} => key not found. 
C:\Windows\System32\Tasks\f88b1100 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f88b1100 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB45CAF-2D4E-4C26-ADE6-442172C96775} => key not found. 
C:\Windows\System32\Tasks\4c855a80 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4c855a80 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6213FA80-B50E-4B64-A383-461D60D21191} => key not found. 
C:\Windows\System32\Tasks\4b5fba00 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4b5fba00 => key not found. 
"C:\ProgramData\TEMP" => ":430C6D84" ADS not found.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
"C:\ProgramData\TEMP" => ":A8ADE5D8" ADS not found.
"C:\ProgramData\TEMP" => ":D1B5B4F1" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-6097087-3349055275-674374335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:06:29 ====

  • 0

#24
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

You appear to have run a fixlist from earlier when we started cleaning your machine. Also, please make sure that you are running FRST64.exe from the Desktop.

Please run the fixlist below to remove the items ESET found. :thumbsup: I'm also going to consult with some of my colleagues regarding the Windows Security Center not running, as we need to repair that. It may take them a bit to respond, but we'll get it taken care of. :) But, let's get rid of the files first.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\14d1d290-7e727e03
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\701b7961-60a0703f
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-540f1c4c
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6f5908f2-78daeda0
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-40f1d485
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe
C:\Users\Janice\Downloads\CuteWriter.exe
C:\Users\Janice\Downloads\IDM2-Windows-en-us.exe
Folder: C:\PROGRAM FILES (X86) (X86)
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

  • 0

#25
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • 106 posts

Sorry about the confusion. Here is the log from the frst I just ran:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Janice at 2015-07-19 17:46:06 Run:3
Running from C:\Users\Janice\Desktop
Loaded Profiles: Janice (Available Profiles: Janice)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
tart
CreateRestorePoint:
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\14d1d290-7e727e03
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\701b7961-60a0703f
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-540f1c4c
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6f5908f2-78daeda0
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-40f1d485
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe
C:\Users\Janice\Downloads\CuteWriter.exe
C:\Users\Janice\Downloads\IDM2-Windows-en-us.exe
Folder: C:\PROGRAM FILES (X86) (X86)
End
*****************
 
tart => Error: No automatic fix found for this entry.
Restore point was successfully created.
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip => moved successfully.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip" => File/Folder not found.
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\14d1d290-7e727e03 => moved successfully.
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\701b7961-60a0703f => moved successfully.
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-540f1c4c => moved successfully.
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6f5908f2-78daeda0 => moved successfully.
C:\Users\Janice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-40f1d485 => moved successfully.
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe => moved successfully.
C:\Users\Janice\Downloads\CuteWriter.exe => moved successfully.
C:\Users\Janice\Downloads\IDM2-Windows-en-us.exe => moved successfully.
 
========================= Folder: C:\PROGRAM FILES (X86) (X86) ========================
 
folder not found
 
==== End of Fixlog 17:46:38 ====

  • 0
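A small triage script for the Fixlog in the post above, added here as an example (it is not part of the thread or of FRST): it compares the "fixlist content" the tool echoes back with the script that was meant to run, then buckets the result lines by outcome. The function names and the abridged sample text are assumptions made for the example.

```python
import re
from collections import defaultdict
from itertools import zip_longest

# Helper's fixlist, abridged from the thread (fewer paths, same shape).
INTENDED = r"""Start
CreateRestorePoint:
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe
End"""

# Fixlog.txt from the reply, abridged to the same entries.
FIXLOG = r"""fixlist content:
*****************
tart
CreateRestorePoint:
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe
End
*****************

tart => Error: No automatic fix found for this entry.
Restore point was successfully created.
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip" => File/Folder not found.
C:\Users\Janice\AppData\Roaming\IDM2\Setup.exe => moved successfully.
==== End of Fixlog 17:46:38 ====
"""

RULER = re.compile(r"^\*{5,}$")
# First matching pattern wins, so an error is never counted as a success.
OUTCOMES = [("error", re.compile(r"=> Error:")),
            ("done", re.compile(r"successfully")),
            ("absent", re.compile(r"not found", re.I))]

def split_fixlog(log):
    """Return (echoed fixlist lines, result lines) of a Fixlog."""
    lines = [l.strip() for l in log.splitlines()]
    marks = [i for i, l in enumerate(lines) if RULER.match(l)]
    if len(marks) < 2:
        raise ValueError("no 'fixlist content' block in log")
    echoed = [l for l in lines[marks[0] + 1:marks[1]] if l]
    results = [l for l in lines[marks[1] + 1:] if l and not l.startswith("====")]
    return echoed, results

def fixlist_mismatches(intended, echoed):
    """List (line number, intended, echoed) where the two scripts differ."""
    want = [l.strip() for l in intended.splitlines() if l.strip()]
    return [(n, w, e) for n, (w, e) in enumerate(zip_longest(want, echoed), 1) if w != e]

def classify(results):
    """Bucket each result line as error / done / absent / other."""
    buckets = defaultdict(list)
    for line in results:
        name = next((n for n, rx in OUTCOMES if rx.search(line)), "other")
        buckets[name].append(line)
    return dict(buckets)

if __name__ == "__main__":
    echoed, results = split_fixlog(FIXLOG)
    print(fixlist_mismatches(INTENDED, echoed), classify(results))
```

A non-empty mismatch list means the tool ran something other than the script that was posted, which covers both a stale fixlist.txt and a paste that lost characters.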



#26
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

Btw - there was nothing inside the Programs (x86) (x86) except a couple empty folders. I deleted this folder just after you explained them to me.


  • 0

#27
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Btw - there was nothing inside the Programs (x86) (x86) except a couple empty folders. I deleted this folder just after you explained them to me.


Ok, no worries there, then. :) That fixlog looks much better. :thumbsup: Let's see if we can fix the Windows Security Center.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Reg File Merge

Please read these instructions very carefully as we will be modifying the registry with this fix.
  • Please click here to download the Windows Reg File.
  • Please ensure you save it to the Desktop.
  • Once saved, locate it on your Desktop, put your mouse cursor over the wscsvc.reg file, right-click and select Merge.
  • Windows will ask if you want to Run or Cancel. Select Run to merge the file.
  • You should get a message saying the file was successfully imported/merged.
  • Important: Reboot the machine and proceed to Step 2.
Step 2: Re-Run Farbar's Service Scanner

Please start Farbar's Service Scanner.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Things I need to see in your next post:

FSS.txt Log

  • 0

#28
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

Here you go - FSS.txt:

Farbar Service Scanner Version: 17-01-2015
Ran by Janice (administrator) on 19-07-2015 at 21:34:09
Running from "C:\Users\Janice\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#29
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Very well done. :) The file merged successfully, and the FSS log confirms that the Security Center is working properly. :thumbsup:

Let's update the 2 programs that SecurityCheck reported earlier.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Program Updates

A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Please let me know when these 2 items are updated and we'll proceed. :thumbsup:
  • 0

#30
blondie53185

blondie53185

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

I followed the instructions to disable Java in Chrome and it was not in the plugin list.(?)

 

In FF, the Java Toolkit and Java Platform were not activated and I chose Never Activate.

 

When I went to the Java Control Panel after fixing FF as above, I discovered that the box next to FF was ticked. Not sure if this is how it should have been. After unticking the box next to IE, I also unticked FF.

 

I've uninstalled Java 7 Update 51 and Java 6 Update 14.

 

I've noticed that there are Windows Updates ready to be installed on this machine. I've just changed the update settings to Let Me Choose When to Download and Install rather than Download and Install Automatically.

 

We have chosen to continue using Adobe Reader and have successfully updated it WITHOUT installing McAfee!   :spoton:


  • 0





