Malwarebytes 3.0.4 /and possible malware

[me82]

I am using a pc that was upgraded from xp to windows pro 7 and i did a scan on it using junkware first and it didn't get much off computer, then i downloaded malwarebytes the free version but it has trial version. it got some malware off when i restarted my pc and opened up google chrome the index file came up not normal google screen so i reset google and it shows normal again.

 

 

This happens whenever i do a malwarebytes scan where just the index file come . It happened in firefox too and i had to go in settings and refresh firefox.

 

 

 

 

Also the safesearch toolbar did not get removed in google chrome , I tried adware removal tool as well and i it took off was ask.com and aol.com. So i went in google extensions and downloaded adblocker( Stands) And went to google homepage and the safesearch toolbar does not show anymore because of the adblocker

[me82]

I did a search on internet to get off the safesearch toolbar but it requires going in the registry deleting the safeseach entries pol file, and i don't want to go in the registry and mess up my computer. Even though the toolbar doesn't show anymore that doesn't mean its off my computer right?

[Juliet]

I did a search on internet to get off the safesearch toolbar but it requires going in the registry deleting the safeseach entries pol file, and i don't want to go in the registry and mess up my computer. Even though the toolbar doesn't show anymore that doesn't mean its off my computer right?

It's possible bits and pieces could still be on there.

I'm going to move this topic to the HJT forum (Have I Been Hijacked?) and have you run a tool that searches the registry, then we can easily remove items that need to go.

[Juliet]

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the

"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder

and the click the "Select Folder" button. Click OK to get out of the Options menu.

 

Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
• Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

   

[me82]

This (stands) adblocker for google does wonders

[Juliet]

good deal

[me82]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016

Ran by Owner (administrator) on OWNER-PC (20-12-2016 16:41:33)

Running from C:\Users\Owner\Desktop

Loaded Profiles: Owner (Available Profiles: Owner)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{9D69391E-5B78-4298-B9EB-3BDF78BF7400}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKU\S-1-5-21-961524124-1411212058-1041103660-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmwkzvnz.default-1482205545460 [2016-12-20]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:

=======

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]

CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-05]

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]

CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-05]

CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-12-20]

CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]

CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-12-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]

CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()

R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-17] (Malwarebytes)

R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-20] (Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-20] (Malwarebytes)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-20] (Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-20] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 16:41 - 2016-12-20 16:42 - 00006779 _____ C:\Users\Owner\Desktop\FRST.txt

2016-12-20 16:41 - 2016-12-20 16:41 - 00000000 ____D C:\FRST

2016-12-20 16:39 - 2016-12-20 16:39 - 02420224 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2016-12-19 22:45 - 2016-12-19 22:45 - 00000000 ____D C:\Users\Owner\Desktop\Old Firefox Data

2016-12-19 22:02 - 2016-12-19 22:33 - 00000000 ____D C:\AdwCleaner

2016-12-19 21:59 - 2016-12-19 22:00 - 03910208 _____ C:\Users\Owner\Downloads\adwcleaner(2).exe

2016-12-17 13:07 - 2016-12-17 13:07 - 05659917 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe

2016-12-17 12:52 - 2016-12-20 14:51 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2016-12-17 12:52 - 2016-12-20 14:51 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2016-12-17 12:52 - 2016-12-17 12:52 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys

2016-12-17 12:51 - 2016-12-20 14:51 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-12-17 12:51 - 2016-12-20 14:51 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-12-17 12:51 - 2016-12-17 12:51 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\Program Files\Malwarebytes

2016-12-17 12:51 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys

2016-12-17 12:33 - 2016-12-17 12:33 - 01631928 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe

2016-12-14 21:06 - 2016-12-20 00:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla

2016-12-11 01:14 - 2016-12-19 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 14:58 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-12-20 14:58 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-12-20 14:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-12-19 22:34 - 2016-10-31 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-12-17 13:09 - 2016-11-03 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics

2016-12-17 12:58 - 2016-10-31 13:55 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-12-17 12:58 - 2016-10-31 13:55 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-12-17 12:58 - 2016-10-31 13:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-12-17 12:58 - 2016-10-31 13:19 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-12-17 12:58 - 2016-10-31 13:15 - 00001447 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-12-17 12:58 - 2016-10-31 13:15 - 00001413 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2016-12-17 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2016-12-17 12:00 - 2016-10-31 13:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-12-17 12:00 - 2016-10-31 13:53 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-12-17 11:46 - 2016-11-14 20:00 - 00001945 _____ C:\Windows\epplauncher.mif

2016-12-11 01:16 - 2016-11-03 07:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

2016-12-10 23:45 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-11-05 15:04 - 2016-11-05 15:04 - 0000000 _____ () C:\Users\Owner\AppData\Local\{17C1B774-83E0-4D5B-9952-55D0E7B5581A}

Some files in TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\libeay32.dll

C:\Users\Owner\AppData\Local\Temp\msvcr120.dll

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-19 22:33

==================== End of FRST.txt ============================

[me82]

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016

Ran by Owner (20-12-2016 16:42:48)

Running from C:\Users\Owner\Desktop

Windows 7 Professional Service Pack 1 (X64) (2016-10-31 18:12:56)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-961524124-1411212058-1041103660-500 - Administrator - Disabled)

Guest (S-1-5-21-961524124-1411212058-1041103660-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-961524124-1411212058-1041103660-1002 - Limited - Enabled)

Owner (S-1-5-21-961524124-1411212058-1041103660-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.14 - Adobe Systems Incorporated)

Dell System Detect (HKU\S-1-5-21-961524124-1411212058-1041103660-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)

Gigabyte Wireless LAN Card (HKLM-x32\...\{2C564A58-BD28-4926-95E1-EC7812FCA44F}) (Version: 1.00.0000 - Gigabyte)

Google Chrome (HKLM-x32\...\{16C1182D-6E13-3989-A4BC-360B106D5C4E}) (Version: 54.0.2840.71 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)

Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)

OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)

Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)

WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF23161-EB9E-4AB3-93EC-E0C5F6A10961} - System32\Tasks\{0BC15F45-0E9A-4980-B72C-8F0726195EB6} => pcalua.exe -a "C:\Users\Owner\Desktop\Dell driver software\PROSet.exe" -d "C:\Users\Owner\Desktop\Dell driver software"

Task: {21D0A833-C8DA-416E-9F39-466C7976A40B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)

Task: {32E4A7E2-E17E-4190-B103-4CB7EC80D21E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)

Task: {8A4E1E6B-F689-47C4-AB88-0FDE06508D23} - System32\Tasks\{18A18759-B6F5-4E7F-B704-7492ACD8B881} => pcalua.exe -a C:\Users\Owner\Desktop\PROSet.exe -d C:\Users\Owner\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2016-12-17 12:51 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

2016-12-17 12:51 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2016-12-17 12:51 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

2016-12-17 12:51 - 2016-11-08 09:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-961524124-1411212058-1041103660-1001\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-961524124-1411212058-1041103660-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{866803FD-2C6D-4482-8773-1BED7A76011E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{9E10EE46-C05B-437E-96F5-8E56D6E5B315}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{F4EF756C-B155-4620-93A2-5370AE5D94F5}] => C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe

FirewallRules: [{225C20D6-FB3D-47A7-B85B-3F1695D86273}] => C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe

FirewallRules: [{94FAB7E2-3330-46AF-BCE3-28EC66D42C41}] => C:\Program Files (x86)\SrpnFiles\downloader.exe

FirewallRules: [{F9300FBC-C47A-4721-BDAF-1A873F9361A8}] => C:\Program Files (x86)\SrpnFiles\downloader.exe

FirewallRules: [{0AC08974-A0D6-4E54-A31A-6F6A1C009353}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-10-2016 13:13:08 Windows Update

31-10-2016 13:59:39 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

05-11-2016 12:22:07 Installed Intel® Network Connections.

05-11-2016 12:46:04 Installed Gigabyte Wireless LAN Card

05-11-2016 15:19:55 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

05-11-2016 15:22:46 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

05-11-2016 15:25:13 Installed OpenOffice 4.1.3

05-11-2016 17:21:51 Installed Kaspersky Anti-Virus 2010.

14-11-2016 20:02:31 Revo Uninstaller's restore point - Kaspersky Anti-Virus 2010

14-11-2016 20:19:08 Windows Update

14-11-2016 23:10:21 Windows Update

17-12-2016 12:35:49 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (12/20/2016 03:21:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/20/2016 02:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/19/2016 10:36:44 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/19/2016 06:30:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/19/2016 05:38:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/19/2016 05:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/17/2016 01:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/17/2016 11:47:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/17/2016 11:20:59 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/14/2016 09:04:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:

=============

Error: (12/19/2016 10:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/19/2016 10:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/19/2016 10:33:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/17/2016 11:40:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Event-ID 2001

Error: (12/17/2016 11:35:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/17/2016 11:34:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/17/2016 11:33:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/17/2016 11:32:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/17/2016 11:31:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/17/2016 11:30:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.80GHz

Percentage of memory in use: 53%

Total physical RAM: 2038.15 MB

Available physical RAM: 942.88 MB

Total Virtual: 4076.3 MB

Available Virtual: 2643.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:53.41 GB) NTFS

Drive f: () (Fixed) (Total:74.44 GB) (Free:74.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: FC78FC78)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)

Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)

Partition 2: (Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Juliet]

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 

 

 

start

CreateRestorePoint:

CloseProcesses:

C:\Users\Owner\AppData\Local\Temp\libeay32.dll

C:\Users\Owner\AppData\Local\Temp\msvcr120.dll

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[Juliet]

I didn't see any residual references to safesearch toolbar.

[me82]

when i installed the adblocker it went away from the homepage. (Safeseach)

 

From tomsguide.com it said to Press and hold Windows key and R (Win+R)

Copy and paste: %systemroot%\System32\GroupPolicy/Machine
Delete : Registry.pol

Restart the computer. and this link https://www.techsupportall.com/how-to-remove-safesearch-net-homepage-removal-help/

[me82]

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016

Ran by Owner (20-12-2016 21:20:52) Run:1

Running from C:\Users\Owner\Desktop

Loaded Profiles: Owner (Available Profiles: Owner)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

C:\Users\Owner\AppData\Local\Temp\libeay32.dll

C:\Users\Owner\AppData\Local\Temp\msvcr120.dll

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

EmptyTemp:

Hosts:

End

*****************

Restore point was successfully created.

Processes closed successfully.

C:\Users\Owner\AppData\Local\Temp\libeay32.dll => moved successfully

C:\Users\Owner\AppData\Local\Temp\msvcr120.dll => moved successfully

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.

C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6407355 B

Java, Flash, Steam htmlcache => 456 B

Windows/system/drivers => 812787576 B

Edge => 0 B

Chrome => 386651845 B

Firefox => 204182951 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

[me82]

what about my browsers not opening normally after i run a scan in malwarebytes Do i have to disable malwarebytes first then open my browser

[Juliet]

Download Zemana AntiMalware:

• open the program and without changing any options, press Scan
• after the scan is finished, if threats are detected press Next to remove them

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

• open Zemana AntiMalware again and locate the latest report
• please paste the contents into your reply.

========================

 

Open Chrome

 

1- Type about:config in URL and Enter

2- Find: browser.newtab.url

3- Change it to: about:newtab

 

close chrome, open the browser again and see if this corrects.

[me82]

My browsers are fine now, its just the new malwarebytes, When i did 2 scans a couple of days ago and deleted what it found restarted the computer , and open browser it showed index file . and then reset browswers it shows normal.

[me82]

I will hold off on doing the zemana antimalware

[Juliet]

Thats OK

 

They do have a dedicated forum for

 

Malwarebytes 3.0

 

Have questions or problems with Malwarebytes 3.0 (previously known as Malwarebytes Anti-Malware)? Post them here.

https://forums.malwarebytes.com/forum/41-malwarebytes-30/

[me82]

ok I see where there is a patch for some of the issues with malwarebytes

[Juliet]

DelFix

• Please download DelFix or from Here and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
• Activate UAC
• Remove disinfection tools
• Click the Run button.
• -- This will remove the specialized tools we used to disinfect your system.

  Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete

  ).

*********************

[Juliet]

Glad we could help.

 

Since this issue appears resolved ... this Topic is closed.