TechSpot

Webroot software detected W32.Malware.Gen

Solved
By bosco320
Apr 15, 2014
  1. Hello. I need help in removing the w32.Malware.Gen from my computer. My husband first noticed it over the weekend when WebRoot popped up saying it had detected a threat (W32.malware.gen located in c:/users/chris/appdata/local/temp). However, when he ran the webroot program to remove it, webroot was unable to locate any threat.
    We now have ads popping up constantly. When we try to click a link or go to another site a new tab will pop up saying our software is out of date.
    I ran Kaspersky tdss killer and it was unble to locate any threat either. My husband also ran spybot which also didn't help.
    Can you help get this remove? Thanks so much!
     
  2. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 4/15/2014
    Scan Time: 6:01:49 PM
    Logfile:
    Administrator: Yes
    Version: 2.00.1.1004
    Malware Database: v2014.04.15.11
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Chris
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 254334
    Time Elapsed: 10 min, 22 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 2
    PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, 1668, Delete-on-Reboot, [4067e9414536b77fda7474fbe1219d63]
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, 3228, Delete-on-Reboot, [f9ae2cfe91ea360053c4d98ac042b54b]
    Modules: 1
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Delete-on-Reboot, [f9ae2cfe91ea360053c4d98ac042b54b],
    Registry Keys: 2
    PUP.Optional.ReMarkit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markit, Quarantined, [4067e9414536b77fda7474fbe1219d63],
    PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\C41FBC48-71F7-7251-7D3C-727F8A92664B, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    Registry Values: 1
    PUM.Bad.Proxy, HKU\S-1-5-21-3168965227-2949440566-1652333485-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, Quarantined, [0d9af2384c2f181e06877b2fe71c53ad]
    Registry Data: 0
    (No malicious items detected)
    Folders: 1
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft, Delete-on-Reboot, [f9ae2cfe91ea360053c4d98ac042b54b],
    Files: 15
    PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit Update.job, Quarantined, [b5f255d5e19af93daca3caa5649e9868],
    PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit_wd.job, Quarantined, [1c8b0921314a4aecde71145be51de11f],
    PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, Delete-on-Reboot, [4067e9414536b77fda7474fbe1219d63],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.crx, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.dat, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.xpi, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\a.db, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\b.db, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.bin, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Delete-on-Reboot, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.ini, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, Delete-on-Reboot, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Uninstall.exe, Quarantined, [f9ae2cfe91ea360053c4d98ac042b54b],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  3. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    I tried to run DDS but got the message- DDS is not meant to run in 'Compatibility Mode'. The program shall now exit.

    I'm not sure what I should do now. How do I get out of compatibility mode?
     
  4. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  5. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Chris [Admin rights]
    Mode : Remove -- Date : 04/15/2014 19:42:10
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] VOsrv.exe -- C:\Users\Chris\AppData\Roaming\VOPackage\VOsrv.exe [-] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 11 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Browser Addons : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 +++++
    --- User ---
    [MBR] 0d699a4b526d714a644bb7e66600e064
    [BSP] 626580ca3d82882b127124158159182a : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    Finished : << RKreport[0]_D_04152014_194210.txt >>
    RKreport[0]_S_04152014_194151.txt
     
  6. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org
    Database version: v2014.04.15.11
    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16659
    Chris :: HOME [administrator]
    4/15/2014 7:46:14 PM
    mbar-log-2014-04-15 (19-46-14).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 251132
    Time elapsed: 10 minute(s), 3 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  7. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.2.9200 Windows 8 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16659
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.994000 GHz
    Memory total: 4160307200, free: 2385018880
    Downloaded database version: v2014.04.15.11
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: A28EEE66
    GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2206104178
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 797433e2-d63e-4112-99cc-4ac162d84bf
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2206104178
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 797433e2-d63e-4112-99cc-4ac162d84bf
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6525ddb2-ee72-441f-8145-0b21822783
    FirstLBA 2048 Last LBA 1026047
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID c2bb2407-579-446b-84f5-466c8171e43
    FirstLBA 1026048 Last LBA 1107967
    Attributes 1
    Partition Name Basic data partition
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9c15f94f-c283-42b2-8773-97bc6e14361f
    FirstLBA 1107968 Last LBA 1370111
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2538513c-3213-4a71-839f-3a563d7b563f
    FirstLBA 1370112 Last LBA 2373631
    Attributes 1
    Partition Name Basic data partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b201cd90-f44e-465e-959-aba668a46ee9
    FirstLBA 2373632 Last LBA 952121343
    Attributes 0
    Partition Name Basic data partition
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e29239a3-aef-4b90-87ed-87ce913c88f9
    FirstLBA 952121344 Last LBA 952838143
    Attributes 1
    Partition Name
    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID d63c3fbf-1ec1-45e5-954e-dfa19948602d
    FirstLBA 952838144 Last LBA 976771119
    Attributes 1
    Partition Name Microsoft recovery partition
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.2.9200 Windows 8 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16659
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.994000 GHz
    Memory total: 4160307200, free: 2411986944
    Downloaded database version: v2014.04.15.11
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: A28EEE66
    GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2206104178
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 797433e2-d63e-4112-99cc-4ac162d84bf
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2206104178
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 797433e2-d63e-4112-99cc-4ac162d84bf
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6525ddb2-ee72-441f-8145-0b21822783
    FirstLBA 2048 Last LBA 1026047
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID c2bb2407-579-446b-84f5-466c8171e43
    FirstLBA 1026048 Last LBA 1107967
    Attributes 1
    Partition Name Basic data partition
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9c15f94f-c283-42b2-8773-97bc6e14361f
    FirstLBA 1107968 Last LBA 1370111
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2538513c-3213-4a71-839f-3a563d7b563f
    FirstLBA 1370112 Last LBA 2373631
    Attributes 1
    Partition Name Basic data partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b201cd90-f44e-465e-959-aba668a46ee9
    FirstLBA 2373632 Last LBA 952121343
    Attributes 0
    Partition Name Basic data partition
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e29239a3-aef-4b90-87ed-87ce913c88f9
    FirstLBA 952121344 Last LBA 952838143
    Attributes 1
    Partition Name
    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID d63c3fbf-1ec1-45e5-954e-dfa19948602d
    FirstLBA 952838144 Last LBA 976771119
    Attributes 1
    Partition Name Microsoft recovery partition
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  8. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org
    Database version: v2014.04.15.11
    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16659
    Chris :: HOME [administrator]
    4/15/2014 7:59:25 PM
    mbar-log-2014-04-15 (19-59-25).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 251109
    Time elapsed: 9 minute(s), 35 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    I just tried to run ComboFix but is said " not meant to run in 'Compatibility Mode'. The program shall now exit. "

    How do I get out of compatibility mode?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    My apology.
    It won't run on Windows 8.1.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
     
  12. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    # AdwCleaner v3.023 - Report created 16/04/2014 at 18:59:33
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Chris - HOME
    # Running from : C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\37IEJKHE\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\Chris\AppData\Roaming\VOPackage
    Folder Deleted : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16518

    *************************
    AdwCleaner[R0].txt - [1236 octets] - [16/04/2014 18:58:04]
    AdwCleaner[S0].txt - [1177 octets] - [16/04/2014 18:59:33]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1237 octets] ##########
     
  13. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by Chris on Wed 04/16/2014 at 19:06:37.13
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 04/16/2014 at 19:09:47.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
    Ran by Chris (administrator) on HOME on 16-04-2014 19:12:17
    Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\AYO9URQ0
    Windows 8.1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\skydrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
    HKLM-x32\...\Run: [NWEReboot] => [X]
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
    HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
    HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
    HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
    HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3168965227-2949440566-1652333485-1001\...\MountPoints2: {7326f910-e74f-11e2-be6c-a41f727744fb} - "F:\WD SmartWare.exe" autoplay=true
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    ProxyEnable: Internet Explorer proxy is enabled.
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.etree.org/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
    SearchScopes: HKLM - DefaultScope {CFE5631F-66A3-4849-8C88-DC820AE54612} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM - {CFE5631F-66A3-4849-8C88-DC820AE54612} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM-x32 - {CFE5631F-66A3-4849-8C88-DC820AE54612} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKCU - DefaultScope {CFE5631F-66A3-4849-8C88-DC820AE54612} URL =
    SearchScopes: HKCU - {CFE5631F-66A3-4849-8C88-DC820AE54612} URL =
    BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
    BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
    BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
    BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 - C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 - C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
    ==================== Services (Whitelisted) =================
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
    S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
    S2 vosr; C:\Users\Chris\AppData\Roaming\VOPackage\VOsrv.exe [X]
    ==================== Drivers (Whitelisted) ====================
    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-23] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-04-13] (Webroot)
    U0 SR;
    U2 srservice;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-04-16 19:12 - 2014-04-16 19:12 - 00000000 ____D () C:\FRST
    2014-04-16 19:09 - 2014-04-16 19:09 - 00000622 _____ () C:\Users\Chris\Desktop\JRT.txt
    2014-04-16 19:06 - 2014-04-16 19:06 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-04-16 18:57 - 2014-04-16 18:59 - 00000000 ____D () C:\AdwCleaner
    2014-04-15 19:46 - 2014-04-15 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-04-15 19:45 - 2014-04-15 20:09 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
    2014-04-15 19:42 - 2014-04-15 19:42 - 00002613 _____ () C:\Users\Chris\Desktop\RKreport[0]_D_04152014_194210.txt
    2014-04-15 19:41 - 2014-04-15 19:41 - 00002493 _____ () C:\Users\Chris\Desktop\RKreport[0]_S_04152014_194151.txt
    2014-04-15 19:39 - 2014-04-15 19:42 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
    2014-04-15 18:07 - 2014-04-15 18:07 - 00003872 _____ () C:\Users\Chris\Desktop\scan1.txt
    2014-04-15 17:50 - 2014-04-16 19:03 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-15 17:50 - 2014-04-15 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-04-15 17:50 - 2014-04-15 17:50 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-15 17:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-04-15 17:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-04-15 02:49 - 2014-04-16 06:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-04-15 02:49 - 2014-04-15 02:49 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-04-15 02:49 - 2014-04-15 02:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-04-15 02:49 - 2014-04-15 02:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-15 02:49 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2014-04-13 18:45 - 2014-04-16 18:46 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
    2014-04-13 18:45 - 2014-04-14 18:46 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
    2014-04-13 18:45 - 2014-04-13 19:06 - 00000380 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
    2014-04-13 18:45 - 2014-04-13 18:46 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
    2014-04-13 18:45 - 2014-04-13 18:46 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
    2014-04-13 18:45 - 2014-04-13 18:46 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
    2014-04-13 18:45 - 2014-04-13 18:46 - 00000330 _____ () C:\Users\Chris\AppData\Roaming\aps.uninstall.scan.results
    2014-04-13 18:44 - 2014-04-13 18:44 - 01097384 _____ (AnyProtect.com) C:\Users\Chris\AppData\Local\nsx4976.tmp
    2014-04-13 18:43 - 2014-04-13 18:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-04-10 16:25 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-10 16:25 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-04-10 16:25 - 2014-03-10 06:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2014-04-10 16:25 - 2014-03-10 06:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2014-04-10 16:25 - 2014-03-06 05:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2014-04-10 16:25 - 2014-03-06 05:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-04-10 16:25 - 2014-03-06 02:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-04-10 16:25 - 2014-03-06 02:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2014-04-10 16:22 - 2014-04-10 16:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-04-10 16:22 - 2014-04-10 16:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-03-24 16:23 - 2014-02-22 08:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2014-03-24 16:23 - 2014-02-22 07:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2014-03-18 14:26 - 2014-01-02 19:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2014-03-18 14:26 - 2013-12-27 04:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2014-03-18 14:26 - 2013-12-27 04:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2014-03-18 14:26 - 2013-12-27 03:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2014-03-18 14:26 - 2013-12-27 02:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2014-03-18 14:26 - 2013-12-09 04:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-03-18 14:25 - 2014-01-07 21:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2014-03-18 14:25 - 2014-01-07 21:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2014-03-18 14:25 - 2014-01-07 21:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2014-03-18 14:25 - 2014-01-04 11:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
    2014-03-18 14:25 - 2014-01-04 11:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
    2014-03-18 14:25 - 2014-01-04 10:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
    2014-03-18 14:25 - 2014-01-04 09:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
    2014-03-18 14:25 - 2014-01-02 19:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2014-03-18 14:25 - 2013-12-31 21:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-03-18 14:25 - 2013-12-31 21:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2014-03-18 14:25 - 2013-12-31 20:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-03-18 14:25 - 2013-12-31 20:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2014-03-18 14:25 - 2013-12-31 19:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-03-18 14:25 - 2013-12-31 19:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2014-03-18 14:25 - 2013-12-31 19:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-03-18 14:25 - 2013-12-30 19:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
    2014-03-18 14:25 - 2013-12-30 19:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2014-03-18 14:25 - 2013-12-30 19:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
    2014-03-18 14:25 - 2013-12-30 19:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2014-03-18 14:25 - 2013-12-30 19:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2014-03-18 14:25 - 2013-12-27 11:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2014-03-18 14:25 - 2013-12-27 04:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2014-03-18 14:25 - 2013-12-27 03:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2014-03-18 14:25 - 2013-12-21 03:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2014-03-18 14:25 - 2013-12-17 03:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2014-03-18 14:25 - 2013-12-14 02:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-03-18 14:25 - 2013-12-14 02:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-03-18 14:25 - 2013-12-13 06:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2014-03-18 14:25 - 2013-12-13 02:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2014-03-18 14:25 - 2013-12-13 01:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2014-03-18 14:25 - 2013-12-09 00:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    ==================== One Month Modified Files and Folders =======
    2014-04-16 19:12 - 2014-04-16 19:12 - 00000000 ____D () C:\FRST
    2014-04-16 19:09 - 2014-04-16 19:09 - 00000622 _____ () C:\Users\Chris\Desktop\JRT.txt
    2014-04-16 19:06 - 2014-04-16 19:06 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-04-16 19:03 - 2014-04-15 17:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-16 19:03 - 2013-11-23 12:00 - 00000000 __RDO () C:\Users\Chris\SkyDrive
    2014-04-16 19:00 - 2013-11-23 11:41 - 00000761 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
    2014-04-16 19:00 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-04-16 18:59 - 2014-04-16 18:57 - 00000000 ____D () C:\AdwCleaner
    2014-04-16 18:59 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-04-16 18:46 - 2014-04-13 18:45 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
    2014-04-16 18:23 - 2013-11-23 11:47 - 01595049 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-04-16 18:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-04-16 17:56 - 2013-11-23 12:02 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FBAFDF1-0F39-4438-B19F-15559A0C74BC}
    2014-04-16 17:27 - 2013-07-07 17:35 - 00000000 ____D () C:\ProgramData\WRData
    2014-04-16 17:08 - 2013-07-07 17:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3168965227-2949440566-1652333485-1001
    2014-04-16 16:28 - 2013-09-29 23:55 - 00011458 _____ () C:\WINDOWS\PFRO.log
    2014-04-16 16:27 - 2013-07-07 17:18 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
    2014-04-16 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-04-16 06:02 - 2014-04-15 02:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-04-15 20:09 - 2014-04-15 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-04-15 20:09 - 2014-04-15 19:45 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
    2014-04-15 19:58 - 2014-04-15 17:50 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-04-15 19:42 - 2014-04-15 19:42 - 00002613 _____ () C:\Users\Chris\Desktop\RKreport[0]_D_04152014_194210.txt
    2014-04-15 19:42 - 2014-04-15 19:39 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
    2014-04-15 19:41 - 2014-04-15 19:41 - 00002493 _____ () C:\Users\Chris\Desktop\RKreport[0]_S_04152014_194151.txt
    2014-04-15 18:07 - 2014-04-15 18:07 - 00003872 _____ () C:\Users\Chris\Desktop\scan1.txt
    2014-04-15 17:50 - 2014-04-15 17:50 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-15 02:49 - 2014-04-15 02:49 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-04-15 02:49 - 2014-04-15 02:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-04-15 02:49 - 2014-04-15 02:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-14 18:46 - 2014-04-13 18:45 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
    2014-04-13 19:06 - 2014-04-13 18:45 - 00000380 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
    2014-04-13 18:50 - 2013-07-07 17:04 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-13 18:46 - 2014-04-13 18:45 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
    2014-04-13 18:46 - 2014-04-13 18:45 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
    2014-04-13 18:46 - 2014-04-13 18:45 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
    2014-04-13 18:46 - 2014-04-13 18:45 - 00000330 _____ () C:\Users\Chris\AppData\Roaming\aps.uninstall.scan.results
    2014-04-13 18:44 - 2014-04-13 18:44 - 01097384 _____ (AnyProtect.com) C:\Users\Chris\AppData\Local\nsx4976.tmp
    2014-04-13 18:43 - 2014-04-13 18:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-04-13 18:43 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
    2014-04-13 18:43 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
    2014-04-13 06:44 - 2013-07-07 17:36 - 00152744 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2014-04-13 06:44 - 2013-07-07 17:36 - 00114176 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
    2014-04-13 06:44 - 2013-07-07 17:36 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2014-04-12 18:36 - 2013-09-30 00:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-10 16:22 - 2014-04-10 16:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-04-10 16:22 - 2014-04-10 16:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-04-03 16:21 - 2013-07-07 17:31 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2014-04-03 09:51 - 2014-04-15 17:50 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2014-04-15 17:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-03-31 17:23 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-03-31 17:23 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-31 03:51 - 2013-07-08 17:10 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-03-30 21:16 - 2014-04-10 16:25 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-03-30 19:57 - 2014-04-10 16:25 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-03-27 16:59 - 2013-08-22 10:46 - 00290341 _____ () C:\WINDOWS\setupact.log
    2014-03-27 04:38 - 2013-07-08 17:26 - 00000000 ____D () C:\Users\Chris\AppData\Local\Nero
    2014-03-21 15:32 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-03-21 15:32 - 2013-08-16 04:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-19 20:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-03-19 18:07 - 2013-07-07 17:04 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-19 18:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    Some content of TEMP:
    ====================
    C:\Users\Chris\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Chris\AppData\Local\Temp\Quarantine.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-04-16 16:43
    ==================== End Of Log ============================
     
  15. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014
    Ran by Chris at 2014-04-16 19:12:41
    Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\AYO9URQ0
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    ==================== Installed Programs ======================
    Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
    CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    FLAC Frontend (HKLM-x32\...\{B1615F2A-105F-48FD-AA3E-0BDF8B3EE644}) (Version: 2.0.6 - Xiph.org)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    MediaCoder 0.8.23.5530 (HKLM-x32\...\MediaCoder) (Version: 0.8.23.5530 - Broad Intelligence)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Nero 12 (HKLM-x32\...\{4744E147-F0F2-4140-825E-B3071FC079F1}) (Version: 12.5.01300 - Nero AG)
    Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
    Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
    Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
    Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
    Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
    Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
    Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
    Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
    Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
    Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
    Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
    Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
    Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
    Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
    Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
    Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
    Nero RescueAgent (x32 Version: 12.0.10002 - Nero AG) Hidden
    Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
    Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
    Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
    Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
    Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
    Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
    Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot)
    Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    ==================== Restore Points =========================
    01-04-2014 09:20:15 Scheduled Checkpoint
    09-04-2014 19:37:23 Scheduled Checkpoint
    13-04-2014 15:42:51 Windows Update
    ==================== Hosts content: ==========================
    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {1F713E7D-D3EA-4FBE-A617-4956F219207C} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {201C6633-9752-4F6C-9B91-3B9F0966E3A6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {24BF0094-12E8-49E7-9F02-991EF3A2524F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {58D11E98-3E32-409E-B477-4F279F8F63D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {6234F97A-2B3D-4F75-8EA0-A6E0EB9CC24F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {6FFC772A-E04A-4CCA-B22B-4766B0FE05A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7212588B-FA6D-481D-A8FB-7EDC053B6C3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {834DDAF6-FF1C-4E36-A9EC-FD11E45E8AC7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {882EC9FC-F40B-455F-A63C-D0624C7A875A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {B43A93EF-CF4D-44E4-9E00-EE057F46DF81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {C24EA851-F51A-47DA-AB88-164DD94FA353} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D82923D3-51B5-4BF5-8D32-B6425E2E2D44} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E4D7C198-C1B0-4F00-9766-3842A5670734} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    ==================== Loaded Modules (whitelisted) =============
    2013-06-10 16:38 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-08-22 03:19 - 2013-08-22 02:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-15 02:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-04-15 02:49 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-04-15 02:49 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-04-15 02:49 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-04-15 02:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-02-15 09:06 - 2014-02-15 09:06 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8310d224af54d6cbd9fce767da495350\PSIClient.ni.dll
    2013-06-10 16:32 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-06-10 16:36 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    ==================== Alternate Data Streams (whitelisted) =========
    AlternateDataStreams: C:\Users\Chris\SkyDrive:ms-properties
    ==================== Safe Mode (whitelisted) ===================

    ==================== Disabled items from MSCONFIG ==============

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Percentage of memory in use: 35%
    Total physical RAM: 3967.58 MB
    Available physical RAM: 2554.35 MB
    Total Pagefile: 4671.58 MB
    Available Pagefile: 3158.48 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:452.87 GB) (Free:162.56 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: A28EEE66)
    Partition: GPT Partition Type.
    ==================== End Of Log ============================
     
  16. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  17. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    FF Plugin: @mcafee.com/MSC,version=10 - C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
    S2 vosr; C:\Users\Chris\AppData\Roaming\VOPackage\VOsrv.exe [X]
    U0 SR;
    U2 srservice;
    C:\Users\Chris\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
    Task: {1F713E7D-D3EA-4FBE-A617-4956F219207C} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {834DDAF6-FF1C-4E36-A9EC-FD11E45E8AC7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {882EC9FC-F40B-455F-A63C-D0624C7A875A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
    C:\Program Files (x86)\AnyProtectEx
    AlternateDataStreams: C:\Users\Chris\SkyDrive:ms-properties
     
  18. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Is Webroot still complaining?

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Everything seems to be back to normal- the ads are gone and extra tabs aren't opening. Webroot did detect a threat at -
    c:\users\chris\appdata\local\microsoft\windows\inetcache\ie\ayo9urq0\setup[1].exe
     
  20. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Security Check - UNSUPPORTED OPERATING SYSTEM! ABORTED!
     
  21. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 25-02-2014
    Ran by Chris (administrator) on 16-04-2014 at 20:22:14
    Running from "C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\37IEJKHE"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2014-03-12 06:12] - [2014-01-29 04:47] - 2543960 ____A (Microsoft Corporation) ECC68BD5347BDE9631EE68274858A41F
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll
    [2014-03-12 06:12] - [2013-10-25 02:48] - 1571328 ____A (Microsoft Corporation) 8077537B1600AF493E7EE1A7A5C90799
    C:\Program Files\Windows Defender\MsMpEng.exe
    [2014-03-12 06:12] - [2013-10-30 20:29] - 0023824 ____A (Microsoft Corporation) 7CE5405B192AC912B9405F72386C7D4B
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  22. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    When ESET finished scanning, there was no option that said List of found threats. I'm assuming this means it didn't find anything?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Right.

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  24. bosco320

    bosco320 TS Rookie Topic Starter Posts: 18

    Great! Thank you so very much for all your time and help in getting this fixed! I really appreciate it!!
     
  25. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.