micha3l87 Posted February 17, 2015

Hey everyone, I had a friend that asked me to help him get rid of some viruses / spyware on his PC. I'm having to use TeamViewer to help him because we no longer live near each other. There were so many problems that I can't list them all. The computer was just running very badly; he had no anti-spyware or virus scanners, or even a firewall.

Installed AVG, Search & Destroy, Kaspersky, CCleaner, HijackThis

AVG deep scan: 20 threats were found and quarantined, rootkit scan 0
AVG performance scan fixed 2GB worth of errors
CCleaner fixed roughly 500 errors
Malwarebytes found 50 threats and fixed them

After those were done I tried to access http://www.speedtest.net and his browser gets hijacked by another page wanting him to call a 1-800 #. The page is different each time, so there's nothing I've been able to Google search to identify how to remove it. Whatever is hijacking his browser won't let me download anything; I have to get the direct link to the .exe and send it to him so it downloads immediately before the screen is switched to the 1-800 crap.

I can post the logs if you like them, just seeking some advice on what to do next. Thanks!
Juliet Posted February 17, 2015

Try this.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites
Backup Firefox Bookmarks
Backup Chrome Bookmarks
Backup Opera Bookmarks (scroll down)

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
Chrome: Chrome - Reset browser settings
Opera: How to perform a clean reinstall of Opera
micha3l87 Posted February 21, 2015 (edited)

I reset Internet Explorer and Chrome. He only uses Google Chrome. All the virus scans and spyware scans are coming back clean and they are up to date. One of the pop-ups said savenet.com on it, if that helps narrow down what virus this is.

Edited February 21, 2015 by micha3l87
Juliet Posted February 21, 2015

Don't know what you have and haven't used, but try this.

AdwCleaner by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advertisement.
Close all open windows and browsers.
Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to finish.
After the scan has finished the window may or may not show what it found, and above the progress bar you will see Pending. Please uncheck elements you don't want to remove.
Please don't delete anything at this time.
Click the Report button to get the log. Copy and paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always reinstall it.
Kyle Dobson Posted February 22, 2015

I just reran the AdwCleaner. I have done so in the past and I got the log; looks like nothing showed up. Previously I just deleted all things it showed.

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 20:23:08
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 8.1 (x64)
# Username : Kyle - XDOBCATX
# Running from : C:\Users\Kyle\Downloads\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v39.0.2171.95

*************************

AdwCleaner[R0].txt - [7530 bytes] - [17/02/2015 11:50:49]
AdwCleaner[R1].txt - [1131 bytes] - [17/02/2015 14:34:43]
AdwCleaner[R2].txt - [706 bytes] - [21/02/2015 20:23:08]
AdwCleaner[s0].txt - [7345 bytes] - [17/02/2015 11:55:12]
AdwCleaner[s1].txt - [1202 bytes] - [17/02/2015 14:39:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [882 bytes] ##########
micha3l87 Posted February 22, 2015

The above post is from his computer. I've got him signed up so he can do stuff that I cannot from TeamViewer.
Juliet Posted February 22, 2015

Have you run MBAM?

Download Malwarebytes' Anti-Malware to your desktop.
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up, select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
micha3l87 Posted February 22, 2015

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/22/2015
Scan Time: 10:07:07 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.22.05
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kyle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381727
Time Elapsed: 21 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Something is very wrong here
Juliet Posted February 22, 2015

Something is very wrong here

OK, tell me what you mean?
micha3l87 Posted February 22, 2015

The browser gets hijacked each time he opens it up, but all the scans come back clean, is all I meant.
Juliet Posted February 23, 2015

What I'm going to do is move this topic to the Have I Been Hijacked forum, from there we will continue. All you will have to do is follow the topic as is.

What I'd like for you to do now is:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

~~~

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
micha3l87 Posted February 23, 2015 (edited)

Ok, thank you for your help! Not sure if you wanted the Rkill log.

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2015 06:16:17 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/22/2015 06:16:49 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Kyle at 2015-02-22 18:18:32
Running from C:\Users\Kyle\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5736 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5736 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.6.10 - AVG Technologies)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version: - Double Helix Games)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version: - 1C-Avalon)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

23-01-2015 18:50:17 Scheduled Checkpoint
15-02-2015 18:11:46 Windows Update
17-02-2015 14:22:40 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03711969-372F-4F7A-9E03-B829E27315B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {24E13A6D-EFBE-4254-B91E-31044DAD118D} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {33A350C7-9C28-4E70-A57E-4B6B8B291812} - System32\Tasks\Malware Protection 360 Updater => C:\Program Files (x86)\MalwareProtection360\updater.exe
Task: {39F51F2F-E05F-47CE-930C-6510B952C212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3F706054-3EF6-43E6-A409-CE0B32D1D22F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {45BF1A99-592A-4907-BD0C-56633749864B} - System32\Tasks\Malware Protection 360 => C:\Program Files (x86)\MalwareProtection360\malwareprotection360.exe
Task: {750418DE-5EA2-40A1-9533-B3C4C475202C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {AE520BD2-3BCD-47CE-8095-FED0E76E7C5C} - System32\Tasks\{D0BC907F-2E6F-44EE-A941-A0D21C65363E} => pcalua.exe -a C:\Users\Kyle\Downloads\Xbox360_64Eng.exe -d C:\Users\Kyle\Downloads
Task: {B46A6BCD-03A1-4934-87FB-738BEC3B7F26} - System32\Tasks\RunTool => C:\Users\Kyle\AppData\Local\c3ec1834-824b-4e8d-b860-581b3a9f8457\sysad.exe
Task: {C0331309-79E4-42FA-BC38-5364A4BD2B8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D3E9D43F-FFA1-4ADF-AF27-3211160D1FFD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {DF9224F0-6B0C-41E8-8CCA-C75AE0D911C2} - System32\Tasks\{91748345-6059-4F3F-9B35-7711B7CBFD2D} => pcalua.exe -a C:\Users\Kyle\Downloads\setup.exe -d C:\Users\Kyle\Desktop
Task: {E182EAD2-F19D-4CF9-B4A4-6B62F5BC0761} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {E86F9391-67E7-4F25-96E0-F2B4D7A3FFB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {F2216BC0-BF29-450E-BDEA-772A249DF710} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 19:28 - 2015-02-20 19:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-02-17 10:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-17 10:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-17 10:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-17 10:46 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-17 10:46 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-15 01:04 - 2015-01-15 01:04 - 38713856 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libcef.DLL
2015-02-16 14:05 - 2015-02-16 14:05 - 01663512 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-01-15 01:04 - 2015-01-15 01:04 - 00514528 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libglesv2.dll
2015-01-15 01:04 - 2015-01-15 01:04 - 00105952 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Kyle\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3260297322-35097549-971543646-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 71.10.216.1 - 71.10.216.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3260297322-35097549-971543646-500 - Administrator - Disabled)
Dobbi Game (S-1-5-21-3260297322-35097549-971543646-1006 - Limited - Enabled) => C:\Users\Dobbi Game
Guest (S-1-5-21-3260297322-35097549-971543646-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3260297322-35097549-971543646-1005 - Limited - Enabled)
Kyle (S-1-5-21-3260297322-35097549-971543646-1003 - Administrator - Enabled) => C:\Users\Kyle

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 05:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1e78
Start Time: 01d04f0b7eb9d399
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 73c3681d-baff-11e4-8282-74d435ac0e7a
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/22/2015 10:01:49 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid

Error: (02/21/2015 07:23:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname XDobCatX.local already in use; will try XDobCatX-2.local instead

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 XDobCatX.local. Addr 192.168.1.127

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.127:5353 16 XDobCatX.local. AAAA FDEC:DB26:FDDD:0000:01FF:1DD3:2C03:FC20

Error: (02/21/2015 05:16:18 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/20/2015 08:35:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2730
Start Time: 01d04d8eb8542509
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 09a39ebb-b983-11e4-8280-74d435ac0e7a
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/20/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 165c
Start Time: 01d04d86578464c9
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 598396f1-b97b-11e4-8280-74d435ac0e7a
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/20/2015 04:37:50 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

System errors:
=============
Error: (02/22/2015 09:53:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error: %%2

Error: (02/22/2015 09:53:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: %%2

Error: (02/22/2015 09:53:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:06:40 PM on 2/21/2015 was unexpected.

Error: (02/21/2015 07:47:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error: %%2

Error: (02/21/2015 07:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: %%2

Error: (02/20/2015 04:24:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: %%1053

Error: (02/20/2015 04:24:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/17/2015 02:43:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: %%2

Error: (02/17/2015 02:43:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error: %%2

Error: (02/17/2015 02:42:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (02/22/2015 05:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891e7801d04f0b7eb9d3994294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe73c3681d-baff-11e4-8282-74d435ac0e7amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/22/2015 10:01:49 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid

Error: (02/21/2015 07:23:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname XDobCatX.local already in use; will try XDobCatX-2.local instead

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 XDobCatX.local. Addr 192.168.1.127

Error: (02/21/2015 05:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.127:5353 16 XDobCatX.local. AAAA FDEC:DB26:FDDD:0000:01FF:1DD3:2C03:FC20

Error: (02/21/2015 05:16:18 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (02/20/2015 08:35:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689273001d04d8eb85425094294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe09a39ebb-b983-11e4-8280-74d435ac0e7amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/20/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689165c01d04d86578464c94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe598396f1-b97b-11e4-8280-74d435ac0e7amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/20/2015 04:37:50 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

CodeIntegrity Errors:
===================================
Date: 2014-12-11 22:56:14.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 22:56:14.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD FX-6300 Six-Core Processor
Percentage of memory in use: 72%
Total physical RAM: 4093.55 MB
Available physical RAM: 1110.48 MB
Total Pagefile: 5885.55 MB
Available Pagefile: 2522.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:284.47 GB) NTFS
Drive d: (Gigabyte) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9373224F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

And finally the last log, FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Kyle (administrator) on XDOBCATX on 22-02-2015 18:17:14
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available profiles: Kyle & Dobbi Game)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\rkill64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-25] (Realtek Semiconductor) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-10] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3260297322-35097549-971543646-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-01-15] (Overwolf LTD) HKU\S-1-5-21-3260297322-35097549-971543646-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3260297322-35097549-971543646-1003\...\MountPoints2: {617ae083-fd42-11e3-825f-806e6f6e6963} - "D:\Run.exe" IFEO\bbqleads.exe: [Debugger] TaskList.exe IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe IFEO\bbqquotes.exe: [Debugger] TaskList.exe IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\donutleads.exe: [Debugger] TaskList.exe IFEO\donutquotes.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\pastaleads.exe: [Debugger] TaskList.exe IFEO\pastaquotes.exe: [Debugger] TaskList.exe IFEO\theanswerfinder.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3260297322-35097549-971543646-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: toppbuyer -> {46a77f61-e068-4012-8325-e081023337d0} -> C:\ProgramData\toppbuyer\mUDP126uTjkl7s.x64.dll No File BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: FleuxIbleShoopper -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> C:\Program Files (x86)\FleuxIbleShoopper\1oFtYQ8rA5ya9V.x64.dll No File BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: DDeaalsFindueerProo -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> C:\ProgramData\DDeaalsFindueerProo\SNJgoLxrrkQHih.x64.dll No File BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: No Name -> {46a77f61-e068-4012-8325-e081023337d0} -> No File BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: No Name -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> No File BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: No Name -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-17] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-17] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-17] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-17] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-17] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14] CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14] CHR Extension: (Kaspersky Protection) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-17] CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15] CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-10] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-10] (AVG Technologies CZ, s.r.o.) 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-17] (Electronic Arts) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-02-20] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-17] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-10] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-24] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-17] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-17] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is 
included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-22 18:17 - 2015-02-22 18:17 - 00022144 _____ () C:\Users\Kyle\Downloads\FRST.txt 2015-02-22 18:16 - 2015-02-22 18:17 - 00000000 ____D () C:\FRST 2015-02-22 18:14 - 2015-02-22 18:16 - 00002190 _____ () C:\Users\Kyle\Desktop\Rkill.txt 2015-02-22 18:14 - 2015-02-22 18:14 - 02087424 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe 2015-02-22 18:14 - 2015-02-22 18:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\rkill64.exe 2015-02-22 18:13 - 2015-02-22 18:13 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\rkill.exe 2015-02-21 20:28 - 2015-02-21 20:28 - 00000210 _____ () C:\Users\Kyle\Desktop\Kyle.txt 2015-02-21 20:20 - 2015-02-21 20:20 - 02126848 _____ () C:\Users\Kyle\Downloads\adwcleaner_4.111.exe 2015-02-20 19:28 - 2015-02-20 19:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-02-20 19:11 - 2015-02-20 19:11 - 00000000 ____D () C:\Users\Kyle\AppData\Local\PunkBuster 2015-02-20 19:08 - 2015-02-20 19:13 - 00000000 ____D () C:\Users\Kyle\Documents\Battlefield 4 2015-02-20 16:57 - 2015-02-20 16:57 - 00000000 ___HD () C:\Windows\msdownld.tmp 2015-02-20 16:57 - 2015-02-20 16:57 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-02-20 16:48 - 2015-02-20 16:48 - 00000000 ____D () C:\Users\Kyle\AppData\Local\ESN 2015-02-20 16:46 - 2015-02-20 16:46 - 01533584 _____ () C:\Users\Kyle\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-20 16:27 - 2015-02-20 16:27 - 00000979 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-02-20 16:27 - 2015-02-20 16:27 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2015-02-20 16:25 - 2015-02-20 16:25 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-20 16:25 - 2015-02-20 16:25 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-20 16:24 - 2015-02-20 16:25 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Kyle\Downloads\TeamSpeak3-Client-win64-3.0.16.exe 2015-02-20 16:24 - 2015-02-20 16:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-20 16:24 - 2015-02-20 16:25 - 00000000 ____D () C:\Program Files\iTunes 2015-02-20 16:24 - 2015-02-20 16:24 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Steam 2015-02-20 16:24 - 2015-02-20 16:24 - 00000000 ____D () C:\Program Files\iPod 2015-02-20 16:24 - 2015-02-20 16:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-18 01:09 - 2015-02-18 01:09 - 00000000 ____D () C:\Users\Kyle\Documents\ProcAlyzer Dumps 2015-02-17 14:29 - 2015-02-21 21:18 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-02-17 14:29 - 2015-02-21 20:38 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-02-17 14:29 - 2015-02-21 19:46 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-17 14:29 - 2015-02-17 14:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-17 14:29 - 2015-02-17 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4 2015-02-17 14:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-02-17 14:27 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-02-17 14:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx10_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-02-17 14:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2015-02-17 14:27 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2015-02-17 14:27 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 05501792 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2015-02-17 14:27 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2015-02-17 14:27 - 2009-03-16 14:18 - 00022360 _____ (Microsof
Edited February 23, 2015 by micha3l87
Juliet Posted February 23, 2015

OK, one of the logs was cut off but we can continue.

AV: Kaspersky Internet Security (Enabled - Up to date)
AV: AVG AntiVirus 2015 (Enabled - Up to date)

The above shows me you have 2 antivirus installed and running on the computer. You will have to uninstall 1, or errors and problems deleting bad files will come into play. Having 2 antivirus on the computer causes resources to run high and makes the computer sluggish. Your decision which to remove.

~~~~~~~~~~~~~~~~~

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

*****

Google Chrome has been attacked and we will have to back up favorites and uninstall.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Chrome Bookmarks

Please download and install Revo Uninstaller Free.
Double click Revo Uninstaller to run it.
From the list of programs double click on Google Chrome.
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again click Yes. When the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete. When prompted click on Yes and then on Next.
Put a check on any folders that are found and select Delete. When prompted select Yes, then Next.
Once done click Finish.
Then, it can be reinstalled from http://www.google.com/chrome/

******

Running from C:\Users\Kyle\Downloads

It's best we move Farbar's to the desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT.
Go to an open spot on your desktop, right click and select PASTE.
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad (*do not use WordPad* or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Copy and paste the text present inside the quote box below. To do this highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one please allow).

start
CloseProcesses:
Task: {33A350C7-9C28-4E70-A57E-4B6B8B291812} - System32\Tasks\Malware Protection 360 Updater => C:\Program Files (x86)\MalwareProtection360\updater.exe
Task: {45BF1A99-592A-4907-BD0C-56633749864B} - System32\Tasks\Malware Protection 360 => C:\Program Files(x86)\MalwareProtection360\malwareprotection360.exe
Task: {B46A6BCD-03A1-4934-87FB-738BEC3B7F26} - System32\Tasks\RunTool => C:\Users\Kyle\AppData\Local\c3ec1834-824b-4e8d-b860-581b3a9f8457\sysad.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: toppbuyer -> {46a77f61-e068-4012-8325-e081023337d0} -> C:\ProgramData\toppbuyer\mUDP126uTjkl7s.x64.dll No File
BHO: FleuxIbleShoopper -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> C:\Program Files (x86)\FleuxIbleShoopper\1oFtYQ8rA5ya9V.x64.dll No File
BHO: DDeaalsFindueerProo -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> C:\ProgramData\DDeaalsFindueerProo\SNJgoLxrrkQHih.x64.dll No File
BHO-x32: No Name -> {46a77f61-e068-4012-8325-e081023337d0} -> No File
BHO-x32: No Name -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> No File
BHO-x32: No Name -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> No File
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Program Files (x86)\MalwareProtection360
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~

Follow the above and post the log it creates.
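One way to triage the kinds of entries in a fix script like the one above (scheduled tasks, IFEO debugger redirections, browser helper objects, Chrome policy keys, orphaned services), as an added example that is not part of the thread, of FRST or of the helper's procedure. The sample lines are copied from the script above; the flagging rules are my own assumptions, not FRST's logic.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) fixlist entries.
Added example for this thread, not part of FRST or of the helper's procedure;
the flagging heuristics are the author's assumptions, not FRST's own logic."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the fix script posted in this thread.
SAMPLE_LINES = [
    r"Task: {B46A6BCD-03A1-4934-87FB-738BEC3B7F26} - System32\Tasks\RunTool => C:\Users\Kyle\AppData\Local\c3ec1834-824b-4e8d-b860-581b3a9f8457\sysad.exe",
    r"Task: {33A350C7-9C28-4E70-A57E-4B6B8B291812} - System32\Tasks\Malware Protection 360 Updater => C:\Program Files (x86)\MalwareProtection360\updater.exe",
    r"IFEO\bbqleads.exe: [Debugger] TaskList.exe",
    r"IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe",
    r"BHO: toppbuyer -> {46a77f61-e068-4012-8325-e081023337d0} -> C:\ProgramData\toppbuyer\mUDP126uTjkl7s.x64.dll No File",
    r"BHO-x32: No Name -> {46a77f61-e068-4012-8325-e081023337d0} -> No File",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]",
]

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
RE_TASK = re.compile(r"^Task: \{%s\} - (?P<name>.+?) => (?P<path>.+)$" % GUID)
RE_IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
RE_BHO = re.compile(r"^BHO(?:-x32)?: (?P<name>.+?) -> \{(?P<clsid>%s)\} -> (?P<path>.+)$" % GUID)
RE_CHR_POLICY = re.compile(r"^CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction")
RE_SERVICE = re.compile(r"^S\d (?P<name>[^;]+); (?P<path>.+?) \[X\]$")   # [X] = binary missing
RE_USER_WRITABLE = re.compile(r"\\(AppData|ProgramData)\\", re.IGNORECASE)
RE_GUID_DIR = re.compile(r"\\%s\\" % GUID)   # random GUID-named folder, as for sysad.exe


@dataclass
class Finding:
    kind: str      # Task, IFEO, BHO, CHR or Service
    subject: str   # task name, image name, BHO name, service name, policy key
    flagged: bool  # True when a helper would normally act on the entry
    reason: str


def classify(line):
    """Map one FRST entry to a Finding, or None for lines that are not persistence."""
    line = line.strip()
    if m := RE_TASK.match(line):
        name, path = m["name"].rsplit("\\", 1)[-1], m["path"]
        if RE_USER_WRITABLE.search(path) or RE_GUID_DIR.search(path):
            return Finding("Task", name, True, "task launches a binary from a user-writable or GUID-named folder: " + path)
        return Finding("Task", name, False, "task target outside user-writable paths; verify the publisher: " + path)
    if m := RE_IFEO.match(line):
        note = (" (TaskList.exe just lists processes and exits, so the image never starts)"
                if m["debugger"].lower() == "tasklist.exe" else "")
        return Finding("IFEO", m["image"], True,
                       f"every launch of {m['image']} is redirected to {m['debugger']}" + note)
    if m := RE_BHO.match(line):
        missing = m["path"].endswith("No File")
        path = m["path"][:-len("No File")].strip() if missing else m["path"]
        if missing:
            return Finding("BHO", m["name"], True, f"orphaned BHO {{{m['clsid']}}}: registered but DLL is gone ({path or 'no path'})")
        if RE_USER_WRITABLE.search(path):
            return Finding("BHO", m["name"], True, "BHO loads from a user-writable folder: " + path)
        return Finding("BHO", m["name"], False, "BHO present on disk; verify the publisher: " + path)
    if RE_CHR_POLICY.match(line):
        return Finding("CHR", r"HKLM\SOFTWARE\Policies\Google", True,
                       "Chrome policy key on a home PC: can pin search/homepage or force extensions the user cannot remove")
    if m := RE_SERVICE.match(line):
        return Finding("Service", m["name"], True, "service still registered but its binary is missing: " + m["path"])
    return None


def triage(lines):
    """All persistence findings, in input order; non-persistence lines (CMD:, EmptyTemp:) are skipped."""
    return [f for f in map(classify, lines) if f is not None]


def summary(findings):
    """Flagged entries per kind, e.g. {'IFEO': 2, 'BHO': 2, ...}."""
    return dict(Counter(f.kind for f in findings if f.flagged))
```

Calling `triage(SAMPLE_LINES)` flags seven of the eight sample entries; only the task whose target sits under Program Files is left for a manual publisher check.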
micha3l87 (Author) Posted February 23, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Kyle at 2015-02-23 05:43:09 Run:1
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Dobbi Game)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {33A350C7-9C28-4E70-A57E-4B6B8B291812} - System32\Tasks\Malware Protection 360 Updater => C:\Program Files (x86)\MalwareProtection360\updater.exe
Task: {45BF1A99-592A-4907-BD0C-56633749864B} - System32\Tasks\Malware Protection 360 => C:\Program Files(x86)\MalwareProtection360\malwareprotection360.exe
Task: {B46A6BCD-03A1-4934-87FB-738BEC3B7F26} - System32\Tasks\RunTool => C:\Users\Kyle\AppData\Local\c3ec1834-824b-4e8d-b860-581b3a9f8457\sysad.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: toppbuyer -> {46a77f61-e068-4012-8325-e081023337d0} -> C:\ProgramData\toppbuyer\mUDP126uTjkl7s.x64.dll No File
BHO: FleuxIbleShoopper -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> C:\Program Files (x86)\FleuxIbleShoopper\1oFtYQ8rA5ya9V.x64.dll No File
BHO: DDeaalsFindueerProo -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> C:\ProgramData\DDeaalsFindueerProo\SNJgoLxrrkQHih.x64.dll No File
BHO-x32: No Name -> {46a77f61-e068-4012-8325-e081023337d0} -> No File
BHO-x32: No Name -> {a1a0acdf-2027-458a-8dd1-3534f3b1c55b} -> No File
BHO-x32: No Name -> {fdda515c-f921-4aec-8abc-a1280eb3b3fb} -> No File
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Program Files (x86)\MalwareProtection360
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33A350C7-9C28-4E70-A57E-4B6B8B291812}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33A350C7-9C28-4E70-A57E-4B6B8B291812}" => Key deleted successfully.
C:\Windows\System32\Tasks\Malware Protection 360 Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Protection 360 Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45BF1A99-592A-4907-BD0C-56633749864B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45BF1A99-592A-4907-BD0C-56633749864B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Malware Protection 360 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Protection 360" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B46A6BCD-03A1-4934-87FB-738BEC3B7F26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46A6BCD-03A1-4934-87FB-738BEC3B7F26}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunTool => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key Deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46a77f61-e068-4012-8325-e081023337d0}" => Key deleted successfully.
"HKCR\CLSID\{46a77f61-e068-4012-8325-e081023337d0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1a0acdf-2027-458a-8dd1-3534f3b1c55b}" => Key deleted successfully.
"HKCR\CLSID\{a1a0acdf-2027-458a-8dd1-3534f3b1c55b}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdda515c-f921-4aec-8abc-a1280eb3b3fb}" => Key deleted successfully.
"HKCR\CLSID\{fdda515c-f921-4aec-8abc-a1280eb3b3fb}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46a77f61-e068-4012-8325-e081023337d0}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{46a77f61-e068-4012-8325-e081023337d0} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1a0acdf-2027-458a-8dd1-3534f3b1c55b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a1a0acdf-2027-458a-8dd1-3534f3b1c55b} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdda515c-f921-4aec-8abc-a1280eb3b3fb}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{fdda515c-f921-4aec-8abc-a1280eb3b3fb} => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\MalwareProtection360" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
vToolbarUpdater18.3.0 => Service deleted successfully.

========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= netsh int ipv4 reset =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========

========= netsh int ipv6 reset =========
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 432 MB temporary data.

The system needed a reboot.
==== End of Fixlog 05:43:48 ====
Juliet Posted February 23, 2015

Did you uninstall Google Chrome?

I want you to right click and delete both AdwCleaner and Junkware Removal Tool if still on the machine. I want you to download and run updated copies.

AdwCleaner
Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~

Please post
C:\AdwCleaner.txt
JRT.txt
and tell me what the computer is doing now.
micha3l87 (Author) Posted February 23, 2015 (edited)

I did uninstall Chrome the way you said and I reinstalled it after I finished running that program. I can uninstall it again if it's still bad. I'm attempting to remove Kaspersky, but the uninstall process locks up the screen.

Edited February 23, 2015 by micha3l87
Juliet Posted February 23, 2015

Use the uninstall tool http://support.kaspersky.com/us/common/service
micha3l87 (Author) Posted February 23, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Kyle on Mon 02/23/2015 at 8:18:44.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3260297322-35097549-971543646-1003\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/23/2015 at 8:22:08.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Juliet Posted February 23, 2015

C:\AdwCleaner.txt
Tell me what the computer is doing now.
Juliet Posted February 25, 2015

Still need help?
micha3l87 (Author) Posted February 25, 2015

He said everything seems to be working perfectly. The adware scan you want is completely blank, so I guess the computer is good to go. Thank you!
Juliet Posted February 25, 2015

Good deal.

DelFix
Please download DelFix or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.
AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Juliet Posted February 28, 2015

Glad we could help. Since this issue appears resolved, this Topic is closed.