
Author Topic: "Misleading.FakeAV " Problem?  (Read 18390 times)


az_shyguy

    Topic Starter


    Beginner

    Thanked: 1
    "Misleading.FakeAV " Problem?
    « on: January 18, 2014, 08:31:44 PM »
    Hello Malware fighters, I am back again.. :-\
        I was at my mom's last night and she asked me to look at a message on her computer, so I did, and it was a back-up pop-up... so I just told her it was a pop-up and closed it.. and then some kind of scan started running, I think it was called Performance something... I closed it out and it said something is wrong, you're infected.. She was running an Advanced SystemCare scan and it had found one malware called "Misleading.FakeAV". I then looked at her screen and she had all sorts of shortcut icons to programs, so I asked her what they were and if she had downloaded something. She said she hadn't, but didn't know what the icons were there for. Anyhow, I pointed to one icon and she said yes, she downloaded that because I guess while on the internet she got a pop-up saying it was an update for her media player.. I said I bet that is when all this happened. I hate how they trick elderly people into clicking on things. Long story short, I started cleaning stuff out today and finally got the computer to do a restore back to Dec. 23.. it took out the icons and programs, but I was sure there were leftover remnants, which I did get in the scans.. I would appreciate it if you would have a look at the reports and let me know if there is anything else I need to do before I make a back-up of the system. I have followed all the procedures I know of.. Thanks in advance for your help. ;)  Figured I would come to the best.

    She is running Windows 7 Home Premium 64-bit, Service Pack 1, on an HP p6610f
    AMD Athlon II X4 635 processor, 2.90 GHz
    Microsoft Security Essentials A/V, IObit Malware Fighter, ZoneAlarm firewall

    Reports following:

    Malwarebytes:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.18.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Carol Lee :: CAROLLEE-HP [administrator]

    1/18/2014 5:21:20 PM
    mbam-log-2014-01-18 (17-21-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211628
    Time elapsed: 6 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 5
    HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 11
    C:\Users\Carol Lee\AppData\Roaming\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\speedtest4354 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0 (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0 (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\freegames111 (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111 (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.

    Files Detected: 61
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\Coupons.dll (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\PC Performer_DEFAULT.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\PC Performer_UPDATES.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\PerformerSoft\PC Performer\log_01-16-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\PerformerSoft\PC Performer\eng_rcp.dat (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\PerformerSoft\PC Performer\log_01-17-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\PerformerSoft\PC Performer\log_01-18-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\coupons_2.4.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\Coupons64.dll (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\CouponsHelper.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\coupons_2.8.xpi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\Slick Savings\Uninstall.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\speedtest4354\speedtest4354.crx (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\speedtest4354\speedtest4354.xpi (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\background.html (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon128.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon16.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon18.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon24.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon32.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon48.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon64.png (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\manifest.json (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\settings.json (PUP.Optional.SpeedAnalysis.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\background.html (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon128.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon16.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon18.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon24.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon32.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\icon48.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\manifest.json (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf\3.0.0.0\settings.json (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\freegames111\freegames111.crx (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Users\Carol Lee\AppData\Roaming\freegames111\freegames111.xpi (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\background.html (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\config.xml (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\content.js (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon128.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon16.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon18.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon24.ico (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon24.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon32.ico (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon32.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\icon48.png (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\jquery-1.9.1.min.js (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Free Games 111\options.htm (PUP.Optional.FreeGames.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\background.html (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\button.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\config.xml (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon128.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon16.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon18.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon24.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon32.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon48.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\icon64.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\options.htm (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Speed Test 127\uninstall.exe (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.

    (end)




    Adwcleaner:

    # AdwCleaner v3.017 - Report created 18/01/2014 at 19:05:35
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Carol Lee - CAROLLEE-HP
    # Running from : C:\Users\Carol Lee\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\PC Performer
    Folder Deleted : C:\Program Files (x86)\Secure Speed Dial
    Folder Deleted : C:\Program Files (x86)\Video Performer
    Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
    Folder Deleted : C:\Users\Carol Lee\AppData\Local\Searchprotect
    Folder Deleted : C:\Users\Carol Lee\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\Carol Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    Folder Deleted : C:\Users\Carol Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
    Folder Deleted : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vfbcj3gf.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Folder Deleted : C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Folder Deleted : C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Folder Deleted : C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
    File Deleted : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vfbcj3gf.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vfbcj3gf.default\user.js
    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\Uniblue

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16750


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\vfbcj3gf.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Carol Lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url

    *************************

    AdwCleaner[R0].txt - [5088 octets] - [18/01/2014 19:02:22]
    AdwCleaner[S0].txt - [4860 octets] - [18/01/2014 19:05:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4920 octets] ##########





    Security Check:


     Results of screen317's Security Check version 0.99.79 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled! 
    ZoneAlarm Free Firewall Antivirus   
    Microsoft Security Essentials       
     Antivirus out of date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300 
     Java 7 Update 51 
     Adobe Flash Player 11.9.900.170 
     Adobe Reader XI 
     Mozilla Firefox (26.0)
     Google Chrome 31.0.1650.57 
     Google Chrome 31.0.1650.63 
     Google Chrome 32.0.1700.76 
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     IObit IObit Malware Fighter IMFsrv.exe 
     IObit IObit Malware Fighter IMF.exe 
     CheckPoint ZoneAlarm vsmon.exe 
     CheckPoint ZoneAlarm zatray.exe 
     CheckPoint ZoneAlarm ZAPrivacyService.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
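The Malwarebytes report above follows a fixed text layout: a "<Section> Detected: N" header, then one line per item of the form "<object> (<threat family>) -> <action>." When a thread like this one produces several such logs, it helps to triage them mechanically: count detections per family and flag the entries that sit in persistence locations (scheduled tasks, Browser Helper Objects, browser extension folders, uninstall entries), since those are the spots worth re-checking on a follow-up scan. The parser below is an added example for this thread, not code from Malwarebytes or from any poster; the sample log embedded in it is constructed to match the posted log's format (placeholder GUIDs and names, not the real ones), and the persistence rules are my own heuristics.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log.

Groups detections by log section and threat family, checks that each
section's declared count matches the lines actually present, and flags
objects that live in common adware/PUP persistence locations.

Added example for the forum thread; SAMPLE_LOG is constructed, not the
log posted there, and PERSISTENCE_RULES are illustrative heuristics.
"""
import re
from collections import Counter, defaultdict

# One detection line: "<object> (<family>) -> <action>."
# The object may itself contain parentheses, e.g. "Program Files (x86)",
# so the family group is restricted to text without parentheses.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section header: "Registry Keys Detected: 5", "Files Detected: 61", ...
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Locations that let adware survive a reboot or a browser restart.
PERSISTENCE_RULES = [
    ("scheduled task", re.compile(r"\\Windows\\Tasks\\.+\.job$", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("browser extension", re.compile(r"\\Extensions\\", re.I)),
    ("uninstall entry", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
]

# Constructed sample in the same layout as the posted MBAM log.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001} (PUP.Optional.SampleBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000002} (PUP.Optional.SampleBar.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (PUP.Optional.SampleExt.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Sample Games 1 (PUP.Optional.SampleGames.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Windows\Tasks\Sample Optimizer_UPDATES.job (PUP.Optional.SampleOptimizer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Sample Games 1\background.html (PUP.Optional.SampleGames.A) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Roaming\Sample Savings\Coupons.dll (PUP.Optional.SampleBar) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return ({section: [detection dicts]}, [sections whose declared
    count differs from the number of detection lines parsed])."""
    sections = defaultdict(list)
    declared = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            declared[current] = int(m.group("count"))
            sections[current]  # register the section even if it has 0 items
            continue
        m = DETECTION_RE.match(line)
        if m and current:
            sections[current].append({
                "object": m.group("obj"),
                "family": m.group("family"),
                "action": m.group("action"),
            })
    mismatches = [n for n, c in declared.items() if len(sections[n]) != c]
    return dict(sections), mismatches


def family_summary(sections):
    """Count detections per threat family across all sections."""
    return Counter(d["family"] for items in sections.values() for d in items)


def flag_persistence(sections):
    """List (kind, object) for detections in persistence locations; the
    first matching rule wins, so each object is reported once."""
    flagged = []
    for items in sections.values():
        for d in items:
            for kind, rule in PERSISTENCE_RULES:
                if rule.search(d["object"]):
                    flagged.append((kind, d["object"]))
                    break
    return flagged


if __name__ == "__main__":
    secs, bad = parse_mbam_log(SAMPLE_LOG)
    for fam, n in family_summary(secs).most_common():
        print(f"{n:3d}  {fam}")
    for kind, obj in flag_persistence(secs):
        print(f"[{kind}] {obj}")
    if bad:
        print("count mismatch in sections:", ", ".join(bad))
```

Running it on a real log pasted into SAMPLE_LOG (or read from the mbam-log file) gives a per-family tally and a short list of persistence artifacts; if the follow-up scan still lists any of the flagged locations, the cleanup did not stick. A count mismatch usually means the log was truncated when pasted, which is worth knowing before drawing conclusions from it.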


    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: "Misleading.FakeAV " Problem?
    « Reply #1 on: January 19, 2014, 07:06:10 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    The Security Check shows you have two AV's on your computer. You should only have one AV activated on your computer. This could be one cause of the freezing. You will have to disable one of them and then update it.

    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    **************************************************
    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    az_shyguy

      Topic Starter


      Beginner

      Thanked: 1
      Re: "Misleading.FakeAV " Problem?
      « Reply #2 on: January 20, 2014, 02:09:23 PM »
      Hello Superdave and thanks for the help...

         I do not recall saying anything about freezing, but you are right, there are two A/V's and I should have mentioned it.. I cannot get ZoneAlarm's firewall without them adding the antivirus, which is disabled and not used, as I haven't heard any recommendations from you guys to use it, so I have Microsoft Security Essentials installed and am using it..   It is up-to-date! I checked it to make sure after I checked the log on Security Check.  Do you think ZoneAlarm A/V is as good or not?

         I normally refuse to run betas, but I trust you wouldn't have me run it if you didn't trust it, so I did a backup and ran it. Had no problems.

      Ok, below are the logs you requested.. Malwarebytes Anti-Rootkit said it was clean and no threats, so I only ran it the one time. Thanks again for your time..


      Junkware log::

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.0 (01.07.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by Carol Lee on Mon 01/20/2014 at 11:31:10.26
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values

      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{17662709-9A30-4ABF-9460-14DDBDC77084}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}



      ~~~ Files



      ~~~ Folders

      Successfully deleted: [Folder] "C:\Users\Carol Lee\appdata\locallow\totalrecipesearch_14"
      Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



      ~~~ FireFox

      Successfully deleted: [Folder] C:\Users\Carol Lee\AppData\Roaming\mozilla\firefox\profiles\vfbcj3gf.default\extensions\[email protected]
      Emptied folder: C:\Users\Carol Lee\AppData\Roaming\mozilla\firefox\profiles\vfbcj3gf.default\minidumps [65 files]



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 01/20/2014 at 12:03:41.46
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      MBAR LOG::


      Malwarebytes Anti-Rootkit BETA 1.07.0.1008
      www.malwarebytes.org

      Database version: v2014.01.20.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16750
      Carol Lee :: CAROLLEE-HP [administrator]

      1/20/2014 1:32:58 PM
      mbar-log-2014-01-20 (13-32-58).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 236553
      Time elapsed: 15 minute(s), 52 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)



      SYSTEM LOG:


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.07.0.1008

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 10.0.9200.16750

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.892000 GHz
      Memory total: 4025782272, free: 2190569472

      Downloaded database version: v2014.01.20.08
      Downloaded database version: v2013.12.18.01
      =======================================
      Initializing...
      ------------ Kernel report ------------
           01/20/2014 13:32:52
      ------------ Loaded modules -----------
      \SystemRoot\system32\ntoskrnl.exe
      \SystemRoot\system32\hal.dll
      \SystemRoot\system32\kdcom.dll
      \SystemRoot\system32\mcupdate_AuthenticAMD.dll
      \SystemRoot\system32\PSHED.dll
      \SystemRoot\system32\CLFS.SYS
      \SystemRoot\system32\CI.dll
      \SystemRoot\system32\drivers\Wdf01000.sys
      \SystemRoot\system32\drivers\WDFLDR.SYS
      \SystemRoot\system32\drivers\ACPI.sys
      \SystemRoot\system32\drivers\WMILIB.SYS
      \SystemRoot\system32\drivers\msisadrv.sys
      \SystemRoot\system32\drivers\pci.sys
      \SystemRoot\system32\drivers\vdrvroot.sys
      \SystemRoot\System32\drivers\partmgr.sys
      \SystemRoot\system32\drivers\volmgr.sys
      \SystemRoot\System32\drivers\volmgrx.sys
      \SystemRoot\System32\drivers\mountmgr.sys
      \SystemRoot\system32\DRIVERS\amdsata.sys
      \SystemRoot\system32\DRIVERS\storport.sys
      \SystemRoot\system32\DRIVERS\amdxata.sys
      \SystemRoot\system32\DRIVERS\amd_sata.sys
      \SystemRoot\system32\DRIVERS\amd_xata.sys
      \SystemRoot\system32\drivers\fltmgr.sys
      \SystemRoot\system32\drivers\fileinfo.sys
      \SystemRoot\system32\DRIVERS\MpFilter.sys
      \SystemRoot\System32\Drivers\Ntfs.sys
      \SystemRoot\System32\Drivers\msrpc.sys
      \SystemRoot\System32\Drivers\ksecdd.sys
      \SystemRoot\System32\Drivers\cng.sys
      \SystemRoot\System32\drivers\pcw.sys
      \SystemRoot\System32\Drivers\Fs_Rec.sys
      \SystemRoot\system32\drivers\ndis.sys
      \SystemRoot\system32\drivers\NETIO.SYS
      \SystemRoot\System32\Drivers\ksecpkg.sys
      \SystemRoot\System32\drivers\tcpip.sys
      \SystemRoot\System32\drivers\fwpkclnt.sys
      \SystemRoot\system32\drivers\volsnap.sys
      \SystemRoot\System32\Drivers\spldr.sys
      \SystemRoot\System32\Drivers\SmartDefragDriver.sys
      \SystemRoot\System32\drivers\rdyboost.sys
      \SystemRoot\System32\Drivers\RapportKE64.sys
      \SystemRoot\System32\Drivers\mup.sys
      \SystemRoot\System32\drivers\hwpolicy.sys
      \SystemRoot\System32\DRIVERS\fvevol.sys
      \SystemRoot\system32\DRIVERS\disk.sys
      \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
      \SystemRoot\system32\DRIVERS\AtiPcie64.sys
      \SystemRoot\system32\DRIVERS\cdrom.sys
      \SystemRoot\system32\DRIVERS\klif.sys
      \SystemRoot\system32\DRIVERS\klflt.sys
      \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
      \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\System32\drivers\vga.sys
      \SystemRoot\System32\drivers\VIDEOPRT.SYS
      \SystemRoot\System32\drivers\watchdog.sys
      \SystemRoot\System32\DRIVERS\RDPCDD.sys
      \SystemRoot\system32\drivers\rdpencdd.sys
      \SystemRoot\system32\drivers\rdprefmp.sys
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\system32\DRIVERS\tdx.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\System32\DRIVERS\netbt.sys
      \SystemRoot\system32\drivers\afd.sys
      \SystemRoot\system32\DRIVERS\vsdatant.sys
      \SystemRoot\system32\DRIVERS\wfplwf.sys
      \SystemRoot\system32\DRIVERS\pacer.sys
      \SystemRoot\system32\DRIVERS\vwififlt.sys
      \SystemRoot\system32\DRIVERS\netbios.sys
      \SystemRoot\system32\DRIVERS\wanarp.sys
      \SystemRoot\system32\drivers\termdd.sys
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
      \SystemRoot\system32\drivers\nsiproxy.sys
      \SystemRoot\system32\drivers\mssmbios.sys
      \SystemRoot\System32\drivers\discache.sys
      \SystemRoot\System32\Drivers\dfsc.sys
      \SystemRoot\system32\DRIVERS\blbdrive.sys
      \SystemRoot\system32\DRIVERS\tunnel.sys
      \SystemRoot\system32\DRIVERS\amdppm.sys
      \SystemRoot\system32\DRIVERS\atikmpag.sys
      \SystemRoot\system32\DRIVERS\atikmdag.sys
      \SystemRoot\System32\drivers\dxgkrnl.sys
      \SystemRoot\System32\drivers\dxgmms1.sys
      \SystemRoot\system32\DRIVERS\HDAudBus.sys
      \SystemRoot\system32\DRIVERS\netr28x.sys
      \SystemRoot\system32\DRIVERS\vwifibus.sys
      \SystemRoot\system32\DRIVERS\Rt64win7.sys
      \SystemRoot\system32\DRIVERS\usbohci.sys
      \SystemRoot\system32\DRIVERS\USBPORT.SYS
      \SystemRoot\system32\DRIVERS\usbfilter.sys
      \SystemRoot\system32\DRIVERS\usbehci.sys
      \SystemRoot\system32\drivers\wmiacpi.sys
      \SystemRoot\system32\drivers\CompositeBus.sys
      \SystemRoot\system32\DRIVERS\serscan.sys
      \SystemRoot\system32\drivers\ksthunk.sys
      \SystemRoot\system32\drivers\ks.sys
      \SystemRoot\system32\DRIVERS\AgileVpn.sys
      \SystemRoot\system32\DRIVERS\rasl2tp.sys
      \SystemRoot\system32\DRIVERS\ndistapi.sys
      \SystemRoot\system32\DRIVERS\ndiswan.sys
      \SystemRoot\system32\DRIVERS\raspppoe.sys
      \SystemRoot\system32\DRIVERS\raspptp.sys
      \SystemRoot\system32\DRIVERS\rassstp.sys
      \SystemRoot\system32\DRIVERS\kbdclass.sys
      \SystemRoot\system32\DRIVERS\mouclass.sys
      \SystemRoot\system32\drivers\swenum.sys
      \SystemRoot\system32\DRIVERS\amdiox64.sys
      \SystemRoot\system32\drivers\umbus.sys
      \SystemRoot\system32\DRIVERS\usbhub.sys
      \SystemRoot\System32\Drivers\NDProxy.SYS
      \SystemRoot\system32\drivers\HdAudio.sys
      \SystemRoot\system32\drivers\portcls.sys
      \SystemRoot\system32\drivers\drmk.sys
      \SystemRoot\system32\drivers\RTKVHD64.sys
      \SystemRoot\system32\DRIVERS\cdfs.sys
      \SystemRoot\system32\DRIVERS\usbccgp.sys
      \SystemRoot\system32\DRIVERS\USBD.SYS
      \SystemRoot\system32\DRIVERS\hidusb.sys
      \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\drivers\Dxapi.sys
      \SystemRoot\system32\DRIVERS\kbdhid.sys
      \SystemRoot\system32\DRIVERS\mouhid.sys
      \SystemRoot\system32\DRIVERS\USBSTOR.SYS
      \SystemRoot\system32\DRIVERS\monitor.sys
      \SystemRoot\System32\TSDDD.dll
      \SystemRoot\System32\cdd.dll
      \SystemRoot\System32\ATMFD.DLL
      \SystemRoot\system32\drivers\luafv.sys
      \SystemRoot\system32\DRIVERS\lltdio.sys
      \SystemRoot\system32\DRIVERS\nwifi.sys
      \SystemRoot\system32\DRIVERS\ndisuio.sys
      \SystemRoot\system32\DRIVERS\rspndr.sys
      \SystemRoot\system32\DRIVERS\vwifimp.sys
      \SystemRoot\system32\drivers\HTTP.sys
      \SystemRoot\system32\DRIVERS\bowser.sys
      \SystemRoot\System32\drivers\mpsdrv.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
      \SystemRoot\system32\drivers\peauth.sys
      \SystemRoot\System32\Drivers\secdrv.SYS
      \SystemRoot\System32\DRIVERS\srvnet.sys
      \SystemRoot\System32\drivers\tcpipreg.sys
      \SystemRoot\System32\DRIVERS\srv2.sys
      \SystemRoot\System32\DRIVERS\srv.sys
      \SystemRoot\system32\drivers\WudfPf.sys
      \SystemRoot\system32\DRIVERS\WUDFRd.sys
      \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
      \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
      \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
      \SystemRoot\System32\Drivers\fastfat.SYS
      \SystemRoot\system32\DRIVERS\udfs.sys
      \??\C:\Windows\system32\drivers\mbamchameleon.sys
      \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
      \Windows\System32\ntdll.dll
      \Windows\System32\smss.exe
      \Windows\System32\apisetschema.dll
      \Windows\System32\autochk.exe
      \Windows\System32\Wldap32.dll
      \Windows\System32\imm32.dll
      \Windows\System32\shell32.dll
      \Windows\System32\msctf.dll
      \Windows\System32\wininet.dll
      \Windows\System32\kernel32.dll
      \Windows\System32\psapi.dll
      \Windows\System32\rpcrt4.dll
      \Windows\System32\difxapi.dll
      \Windows\System32\urlmon.dll
      \Windows\System32\oleaut32.dll
      \Windows\System32\clbcatq.dll
      \Windows\System32\nsi.dll
      \Windows\System32\user32.dll
      \Windows\System32\ws2_32.dll
      \Windows\System32\msvcrt.dll
      \Windows\System32\lpk.dll
      \Windows\System32\comdlg32.dll
      \Windows\System32\sechost.dll
      \Windows\System32\imagehlp.dll
      \Windows\System32\gdi32.dll
      \Windows\System32\setupapi.dll
      \Windows\System32\normaliz.dll
      \Windows\System32\shlwapi.dll
      \Windows\System32\usp10.dll
      \Windows\System32\advapi32.dll
      \Windows\System32\ole32.dll
      \Windows\System32\iertutil.dll
      \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
      \Windows\System32\crypt32.dll
      \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      \Windows\System32\comctl32.dll
      \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
      \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      \Windows\System32\KernelBase.dll
      \Windows\System32\wintrust.dll
      \Windows\System32\devobj.dll
      \Windows\System32\cfgmgr32.dll
      \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
      \Windows\System32\msasn1.dll
      \Windows\SysWOW64\normaliz.dll
      ----------- End -----------
      Done!
      <<<1>>>
      Upper Device Name: \Device\Harddisk4\DR4
      Upper Device Object: 0xfffffa8005b89060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\00000090\
      Lower Device Object: 0xfffffa80059f8b60
      Lower Device Driver Name: \Driver\USBSTOR\
      <<<1>>>
      Upper Device Name: \Device\Harddisk3\DR3
      Upper Device Object: 0xfffffa8005b5d060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\0000008f\
      Lower Device Object: 0xfffffa80059f7b60
      Lower Device Driver Name: \Driver\USBSTOR\
      <<<1>>>
      Upper Device Name: \Device\Harddisk2\DR2
      Upper Device Object: 0xfffffa8005b5b060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\0000008e\
      Lower Device Object: 0xfffffa80059f6b60
      Lower Device Driver Name: \Driver\USBSTOR\
      <<<1>>>
      Upper Device Name: \Device\Harddisk1\DR1
      Upper Device Object: 0xfffffa8005b5e060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\0000008d\
      Lower Device Object: 0xfffffa80059f0b60
      Lower Device Driver Name: \Driver\USBSTOR\
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xfffffa8003ea4060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\0000005d\
      Lower Device Object: 0xfffffa80039df8f0
      Lower Device Driver Name: \Driver\amd_sata\
      <<<2>>>
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa8003ea4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8003ea4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8003ea4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa80039e6ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
      DevicePointer: 0xfffffa80039df8f0, DeviceName: \Device\0000005d\, DriverName: \Driver\amd_sata\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0x0, 0x0, 0x0
      Lower DeviceData: 0x0, 0x0, 0x0
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      <<<2>>>
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
      <<<2>>>
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 24B20C17

      Partition information:

          Partition 0 type is Primary (0x7)
          Partition is ACTIVE.
          Partition starts at LBA: 2048  Numsec = 204800
          Partition file system is NTFS
          Partition is bootable

          Partition 1 type is Primary (0x7)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 206848  Numsec = 1439606784

          Partition 2 type is Primary (0x7)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 1439813632  Numsec = 25331712

          Partition 3 type is Empty (0x0)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 0  Numsec = 0

      Disk Size: 750156374016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
      Done!
      Physical Sector Size: 0
      Drive: 1, DevicePointer: 0xfffffa8005b5e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8005b5eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8005b5e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8005b59bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
      DevicePointer: 0xfffffa80059f0b60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
      ------------ End ----------
      Physical Sector Size: 0
      Drive: 2, DevicePointer: 0xfffffa8005b5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8005b5bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8005b5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa80059f9bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
      DevicePointer: 0xfffffa80059f6b60, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
      ------------ End ----------
      Physical Sector Size: 0
      Drive: 3, DevicePointer: 0xfffffa8005b5d060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8005b5db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8005b5d060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa80059fabf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
      DevicePointer: 0xfffffa80059f7b60, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
      ------------ End ----------
      Physical Sector Size: 0
      Drive: 4, DevicePointer: 0xfffffa8005b89060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8005b89b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8005b89060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa80059fbbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
      DevicePointer: 0xfffffa80059f8b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
      ------------ End ----------
      Scan finished
      =======================================


      Removal queue found; removal started
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
      Removal finished
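The "Inspecting partition table" section of the log above prints the fields a rootkit scanner reads from sector 0 of the disk (MBR signature, disk signature, the four partition entries with their boot flag, type, start LBA and sector count) before it scans the sectors no partition covers. The block below is an added example, not code from the thread or from Malwarebytes: it constructs an MBR in memory from the values printed in the log, parses it back, lists the unpartitioned sector ranges, and runs the structural checks a defender wants on a suspect boot sector (valid 55AA signature, at most one active partition, well-formed boot flags, entries inside the disk and not overlapping). The sample disk signature, partition entries and disk size are taken from the log; everything else is the example's own.

```python
"""Parse an MBR sector and reproduce the partition-table checks a rootkit
scanner performs. Added example, not code from the thread or from Malwarebytes;
the sample MBR is constructed from the values printed in the log above."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512


@dataclass
class PartitionEntry:
    index: int
    boot_flag: int      # 0x80 = active, 0x00 = inactive; anything else is malformed
    type_id: int        # 0x07 is the NTFS/exFAT type the log reports as "Primary (0x7)"
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive end)."""
        return self.start_lba + self.num_sectors


def build_mbr(disk_signature: int, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Construct a 512-byte MBR: zeroed boot code, disk signature at 0x1B8,
    up to four (boot_flag, type, start_lba, num_sectors) entries at 0x1BE."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 0x1B8, disk_signature)
    for i, (flag, ptype, lba, numsec) in enumerate(entries[:4]):
        # CHS fields (3 bytes after the flag and after the type) are left zero;
        # modern tools read the LBA fields instead.
        struct.pack_into("<B3sB3sII", mbr, 0x1BE + 16 * i,
                         flag, b"\0\0\0", ptype, b"\0\0\0", lba, numsec)
    mbr[510], mbr[511] = 0x55, 0xAA
    return bytes(mbr)


def parse_mbr(sector: bytes) -> Tuple[int, int, List[PartitionEntry]]:
    """Return (mbr_signature, disk_signature, entries) from a raw sector 0."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    # Read big-endian so a valid sector yields 0x55AA, as the log prints it.
    signature = struct.unpack_from(">H", sector, 510)[0]
    disk_signature = struct.unpack_from("<I", sector, 0x1B8)[0]
    entries = []
    for i in range(4):
        flag, ptype, lba, numsec = struct.unpack_from("<B3xB3xII", sector, 0x1BE + 16 * i)
        entries.append(PartitionEntry(i, flag, ptype, lba, numsec))
    return signature, disk_signature, entries


def unpartitioned_ranges(entries: List[PartitionEntry], disk_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive sector ranges covered by no partition (sector 0 is the MBR itself).
    These are the regions a rootkit scanner inspects for code hidden outside any volume."""
    used = sorted((e.start_lba, e.end_lba) for e in entries if e.type_id and e.num_sectors)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def audit_mbr(sector: bytes, disk_size_bytes: int) -> List[str]:
    """Structural checks on sector 0; an empty list means nothing looked wrong."""
    findings = []
    signature, _, entries = parse_mbr(sector)
    if signature != 0x55AA:
        findings.append(f"bad MBR signature {signature:04X}")
    active = [e.index for e in entries if e.active]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    for e in entries:
        if e.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {e.index}: invalid boot flag {e.boot_flag:02X}")
    disk_sectors = disk_size_bytes // SECTOR_SIZE
    used = sorted((e for e in entries if e.type_id), key=lambda e: e.start_lba)
    for e in used:
        if e.end_lba > disk_sectors:
            findings.append(f"partition {e.index}: extends past the end of the disk")
    for a, b in zip(used, used[1:]):
        if b.start_lba < a.end_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


# Constructed sample: disk signature, partition entries and disk size are the
# values printed under "Inspecting partition table" in the log above.
DISK_SIZE_BYTES = 750_156_374_016
SAMPLE_MBR = build_mbr(0x24B20C17, [
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 1439606784),
    (0x00, 0x07, 1439813632, 25331712),
    (0x00, 0x00, 0, 0),
])

if __name__ == "__main__":
    sig, disk_sig, parts = parse_mbr(SAMPLE_MBR)
    print(f"MBR Signature: {sig:04X}  Disk Signature: {disk_sig:08X}")
    for p in parts:
        print(f"  Partition {p.index} type 0x{p.type_id:X} {'ACTIVE' if p.active else 'NOT ACTIVE'} "
              f"LBA {p.start_lba} Numsec {p.num_sectors}")
    print("Unpartitioned:", unpartitioned_ranges(parts, DISK_SIZE_BYTES // SECTOR_SIZE))
    print("Findings:", audit_mbr(SAMPLE_MBR, DISK_SIZE_BYTES) or "none")
```

Run against the sample, the three partitions sit back to back (each starts exactly where the previous one ends), the only gaps are sectors 1-2047 in front of the first partition and the tail after the last one, and the audit returns no findings. The leading gap matches the "1-2047" range the log scans; the tail range the scanner reports (1465129168-1465149168) is a fixed-size window at the end of the disk and is wider than the true unpartitioned tail computed here, so the two are not expected to agree exactly.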

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: "Misleading.FakeAV " Problem?
      « Reply #3 on: January 21, 2014, 11:03:10 AM »
      Quote
I do not recall saying anything about freezing, but you are right, there are two A/Vs and I should have mentioned it. I cannot get ZoneAlarm's firewall without them adding the antivirus, which is disabled and not used, as I haven't heard any recommendations from you guys to use it, so I have Microsoft Security Essentials installed and am using it. It is up-to-date! I checked it to make sure after I checked the log on Security Check. Do you think ZoneAlarm A/V is as good or not?
I was thinking about a previous client. Sorry. As for the efficiency of ZoneAlarm, you can judge for yourself here.

      I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Leave the check mark next to Remove found threats.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      az_shyguy

        Topic Starter


        Beginner

        Thanked: 1
        Re: "Misleading.FakeAV " Problem?
        « Reply #4 on: January 27, 2014, 09:13:09 PM »
OK, I ran the ESET online scanner and it did not find any infected files. I could not find the list of found threats to click on and export to a text file. This is the log from the location specified, C:\Program Files\ESET\ESET Online Scanner\log.txt:

        ESETSmartInstaller@High as CAB hook log:
        OnlineScanner64.ocx - registred OK
        OnlineScanner.ocx - registred OK


That is all I found.

        SuperDave

        Re: "Misleading.FakeAV " Problem?
        « Reply #5 on: January 28, 2014, 11:14:16 AM »
        How's your computer running now? Any other issues before we clean up?

        az_shyguy

          Re: "Misleading.FakeAV " Problem?
          « Reply #6 on: January 28, 2014, 08:19:14 PM »
As far as I can tell it is running fine now. I haven't been on it except to do what you recommended, but I haven't heard my mom complain about anything. So I would say everything is good for now! :)

          SuperDave

          Re: "Misleading.FakeAV " Problem?
          « Reply #7 on: January 29, 2014, 12:29:21 PM »
Click Start > Computer > right-click the C drive and choose Properties.
Click Disk Cleanup from there.

Click OK on the Disk Cleanup screen.
Click Yes on the confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
          ***************************************
          Go to Microsoft Windows Update and get all critical updates.

          ----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!