Solved Malware Chrome & IE. Plus System won't turn off


ArizEagle
Thread author
Dec 26, 2012
Thank you in advance...

My Dell Desktop has a few issues that need to be taken care of.
1) "Spinning Wheel" in Chrome... Eventually gets to my Firefox..
2) Will not "shut down." When turning off my computer, the page showing "shutting down," just stays...
I have to manually shut the computer off...
3) In IE, my "favorites" will not link.
4) At times I can't open any new windows.
SOMETIMES It's OK after restart, or shutting down and waiting and powering back up.
Sometimes it takes time in-between restarting...

OTL and aswMBR are attached..

When we're all done this time, I could use some suggestions as to what anti-virus to load on this and my laptop.
What can I do daily or weekly to clean and make sure my computer is OK?
Any general, or specific suggestions...

Thank you...
 

Attachments
  • OTL.Txt (115.2 KB)
  • aswMBR.txt 8282013.txt (1.7 KB)

Fiery
Jan 11, 2011
Hi,

Download Farbar Recovery Scan Tool from the below link:
  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1) Select Command Prompt
  2) In the command window type in notepad and press Enter.
  3) The notepad opens. Under File menu select Open.
  4) Select "Computer" and find your flash drive letter and close the notepad.
  5) In the command window type e:\frst64 and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6) The tool will start to run.
  7) When the tool opens click Yes to disclaimer.
  8) Press Scan button.
  9) FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10) Type exit
  11) Please copy and paste FRST.txt in your next reply
 

ArizEagle
Thread author
Dec 26, 2012
Actually, 2 notepads were opened...

Both of them are attached to this message:

One is titled frst 1

One is titled Addition.

Did you get them OK?

If not I can copy / paste.
Thanks.
 

Attachments
  • FRST 1.txt (27.5 KB)
  • Addition.txt (27.8 KB)

Fiery
Jan 11, 2011
Hi,

You ran the tool in safe mode, not system recovery mode. Running it in safe mode is not as good as running it in system recovery.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

And then follow the instructions above
 

ArizEagle
Thread author
Dec 26, 2012
I had a problem trying to run the program starting at step 5 (f:\frst64).
It would not run from here, so....
While still in Command Prompt I opened the program by going to computer, f-drive (where the download was stored) and opened and ran the program from there..

Here are the results: >>>>>>>>>>>>>>>>>

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 02-09-2013 17:06:35
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-07] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 catchme; \??\C:\Combo-Fix.exe\catchme.sys [x]
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 20:48 - 2013-08-29 20:48 - 00000000 ____D C:\FRST
2013-08-28 15:21 - 2013-08-28 15:21 - 00001728 _____ C:\Users\Eagle AMDG\Downloads\aswMBR.txt 8282013.txt
2013-08-28 15:21 - 2013-08-28 15:21 - 00000512 _____ C:\Users\Eagle AMDG\Downloads\MBR.dat
2013-08-28 13:48 - 2013-08-28 15:18 - 04745728 _____ (AVAST Software) C:\Users\Eagle AMDG\Downloads\aswMBR(1).exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00602112 _____ (OldTimer Tools) C:\Users\Eagle AMDG\Downloads\OTL(1).exe
2013-08-24 08:36 - 2013-08-24 08:36 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A (2).tif
2013-08-23 22:31 - 2013-08-23 22:31 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A (1).tif
2013-08-23 22:27 - 2013-08-23 22:27 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A.tif
2013-08-23 07:58 - 2013-08-23 07:58 - 00268264 _____ (Citrix Online) C:\Users\Eagle AMDG\Downloads\Citrix Online Launcher.exe
2013-08-23 07:42 - 2013-09-02 15:57 - 00388882 _____ C:\Windows\WindowsUpdate.log
2013-08-23 07:40 - 2013-08-29 21:29 - 00001522 _____ C:\Windows\setupact.log
2013-08-23 07:40 - 2013-08-23 07:40 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 06:48 - 2013-08-23 06:48 - 00000000 ___SD C:\Combo-Fix.exe
2013-08-21 10:16 - 2013-08-21 15:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 22:29 - 2013-08-16 22:29 - 00320089 _____ C:\Users\Eagle AMDG\Downloads\Alarm Quote - Ron Bell Bid
2013-08-15 06:32 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 06:32 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 06:32 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 06:32 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 06:32 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 06:32 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 06:32 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 06:32 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 06:32 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 06:32 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 06:32 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 06:32 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 06:32 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 06:32 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:34 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 07:34 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:33 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 07:33 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:33 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 07:33 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 07:33 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 07:33 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 07:33 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 07:33 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 07:33 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 07:33 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 07:33 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:33 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:33 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:33 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:33 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:33 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:33 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:33 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:33 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:33 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:33 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:33 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:33 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:32 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 07:32 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-10 11:01 - 2013-08-10 11:06 - 00024581 _____ C:\Users\Eagle AMDG\Documents\Homes - Orangevale 2013.xlsx
2013-08-08 07:56 - 2013-08-08 07:56 - 00479679 _____ C:\Users\Eagle AMDG\Downloads\2012PrelimAnnUCR.zip

==================== One Month Modified Files and Folders =======

2013-09-02 15:57 - 2013-08-23 07:42 - 00388882 _____ C:\Windows\WindowsUpdate.log
2013-09-02 15:57 - 2012-10-11 07:47 - 00000000 ____D C:\Users\Eagle AMDG\AppData\Roaming\SoftGrid Client
2013-09-02 15:13 - 2012-11-10 23:42 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 15:11 - 2012-11-10 23:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 14:13 - 2012-11-10 23:42 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 13:58 - 2013-05-21 16:00 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-09-01 07:45 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 07:45 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 12:43 - 2013-01-29 14:14 - 00024232 _____ C:\Users\Eagle AMDG\Documents\Homes - Fair Oaks 95628 - 2013.ods
2013-08-29 21:49 - 2012-06-01 08:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-29 21:33 - 2009-07-13 21:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-29 21:29 - 2013-08-23 07:40 - 00001522 _____ C:\Windows\setupact.log
2013-08-29 21:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 20:48 - 2013-08-29 20:48 - 00000000 ____D C:\FRST
2013-08-29 07:51 - 2012-11-10 23:42 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-29 07:51 - 2012-11-10 23:42 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-08-28 15:21 - 2013-08-28 15:21 - 00001728 _____ C:\Users\Eagle AMDG\Downloads\aswMBR.txt 8282013.txt
2013-08-28 15:21 - 2013-08-28 15:21 - 00000512 _____ C:\Users\Eagle AMDG\Downloads\MBR.dat
2013-08-28 15:18 - 2013-08-28 13:48 - 04745728 _____ (AVAST Software) C:\Users\Eagle AMDG\Downloads\aswMBR(1).exe
2013-08-28 13:35 - 2013-01-04 10:14 - 00117920 _____ C:\Users\Eagle AMDG\Downloads\OTL.Txt
2013-08-28 13:25 - 2013-08-28 13:25 - 00602112 _____ (OldTimer Tools) C:\Users\Eagle AMDG\Downloads\OTL(1).exe
2013-08-27 23:22 - 2012-10-13 11:09 - 00017084 _____ C:\Users\Eagle AMDG\Documents\Word Among Us Reading.odt
2013-08-27 19:33 - 2013-01-04 23:51 - 00032386 _____ C:\Users\Eagle AMDG\Documents\Homes - Rancho 2013.xlsx
2013-08-27 12:06 - 2013-01-05 11:54 - 00027498 _____ C:\Users\Eagle AMDG\Documents\Homes - Citrus Heights - 2013.xlsx
2013-08-25 12:38 - 2012-10-25 13:18 - 00672943 _____ C:\Users\Eagle AMDG\Documents\Medjugorie Message.odt
2013-08-24 10:36 - 2012-10-13 11:23 - 00122272 _____ C:\Users\Eagle AMDG\Documents\Deck of Cards.odt
2013-08-24 08:36 - 2013-08-24 08:36 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A (2).tif
2013-08-23 22:31 - 2013-08-23 22:31 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A (1).tif
2013-08-23 22:27 - 2013-08-23 22:27 - 00468481 _____ C:\Users\Eagle AMDG\Downloads\image0000001A.tif
2013-08-23 07:58 - 2013-08-23 07:58 - 00268264 _____ (Citrix Online) C:\Users\Eagle AMDG\Downloads\Citrix Online Launcher.exe
2013-08-23 07:40 - 2013-08-23 07:40 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 07:27 - 2013-03-13 02:22 - 00000000 ____D C:\Windows\Minidump
2013-08-23 07:27 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther
2013-08-23 06:48 - 2013-08-23 06:48 - 00000000 ___SD C:\Combo-Fix.exe
2013-08-23 06:48 - 2013-01-06 03:14 - 00000000 ____D C:\Qoobox
2013-08-23 06:46 - 2013-01-06 02:58 - 05111180 ____R (Swearware) C:\Users\Eagle AMDG\Desktop\Combo-Fix.exe.exe
2013-08-21 15:40 - 2013-01-12 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 15:40 - 2012-06-01 09:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-21 15:32 - 2013-08-21 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:11 - 2012-11-10 23:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 13:11 - 2012-06-01 08:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 13:11 - 2012-06-01 08:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-16 22:29 - 2013-08-16 22:29 - 00320089 _____ C:\Users\Eagle AMDG\Downloads\Alarm Quote - Ron Bell Bid
2013-08-15 09:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-13 09:20 - 2013-01-13 20:56 - 00029296 _____ C:\Users\Eagle AMDG\Documents\Homes - Roseville - 2013.ods
2013-08-10 11:06 - 2013-08-10 11:01 - 00024581 _____ C:\Users\Eagle AMDG\Documents\Homes - Orangevale 2013.xlsx
2013-08-08 07:56 - 2013-08-08 07:56 - 00479679 _____ C:\Users\Eagle AMDG\Downloads\2012PrelimAnnUCR.zip

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-15 06:28:28
Restore point made on: 2013-08-23 00:13:55
Restore point made on: 2013-08-30 06:16:41
Restore point made on: 2013-09-02 15:47:11
Restore point made on: 2013-09-02 15:47:46

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6022.16 MB
Available physical RAM: 5332.56 MB
Total Pagefile: 6020.36 MB
Available Pagefile: 5328.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:843.12 GB) NTFS
Drive f: () (Removable) (Total:14.53 GB) (Free:14.52 GB) FAT32
Drive g: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:8.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: D303ABB4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-09-01 13:40

==================== End Of Log ============================

Did this work???

Thanks...
 
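An added triage script, not part of this thread and not FRST's own code: it parses the Registry, Services and Drivers sections of an FRST log in the format posted above and flags the patterns a helper scans such a log for. The sample lines are copied from the posted log (including the doubled MBAMProtector driver, the catchme driver whose file is marked [x], and the mfeavfk01 entry with no ImagePath), except for the HKCU "Updater" line, which is constructed to show an autostart under the user's profile. The heuristics (no publisher in version info, image marked [x], No ImagePath, duplicate registration, user-writable path) are generic triage rules, not verdicts FRST itself produces.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample log. All lines except the HKCU "Updater" entry are copied
# from the FRST log posted in this thread; the "Updater" line is made up to
# show an autostart living under the user's profile.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [Updater] - C:\Users\Eagle AMDG\AppData\Roaming\DSite\updater.exe [123456 2013-08-30] ()

==================== Services (Whitelisted) =================

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 catchme; \??\C:\Combo-Fix.exe\catchme.sys [x]
S3 mfeavfk01; No ImagePath
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "HKLM\...\Run: [Name] - <path> [<size> <date>] (<publisher>)"
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] - (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\))?$"
)
# "S3 name; <image> [<size> <date>] (<publisher>)", "<image> [x]" or "No ImagePath"
SVC_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<rest>.+)$")
IMAGE_RE = re.compile(
    r"^(?P<path>.+?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)| \[x\])$"
)
# Locations a standard user can write to; an autostart here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


class Entry(NamedTuple):
    section: str
    name: str
    path: Optional[str]
    signer: Optional[str]  # "" when FRST printed "()" (no publisher in version info)
    missing: bool          # FRST appends "[x]" when the image file does not exist
    no_image: bool         # "No ImagePath": a registration with no binary behind it


def parse_frst(text: str) -> list:
    """Collect autostart entries from the Registry, Services and Drivers sections."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["title"]
            continue
        if section is None:
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)
            if m:
                entries.append(Entry(section, m["name"], m["path"], m["signer"], False, False))
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if not m:
                continue
            if m["rest"] == "No ImagePath":
                entries.append(Entry(section, m["name"], None, None, False, True))
                continue
            im = IMAGE_RE.match(m["rest"])
            if im:
                # The "[x]" branch has no signer group, which is how we detect it.
                entries.append(Entry(section, m["name"], im["path"], im["signer"],
                                     im["signer"] is None, False))
    return entries


def triage(entries: list) -> list:
    """Return (section, name, reasons) for every entry worth a second look."""
    seen = Counter((e.section, e.name, e.path) for e in entries)
    reported = set()
    findings = []
    for e in entries:
        reasons = []
        if e.no_image:
            reasons.append("no ImagePath (orphaned registration)")
        elif e.missing:
            reasons.append("image file missing on disk")
        elif e.signer == "":
            reasons.append("no publisher in version info")
        if e.path and any(tok in e.path.lower() for tok in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        key = (e.section, e.name, e.path)
        if seen[key] > 1 and key not in reported:
            reported.add(key)
            reasons.append(f"registered {seen[key]} times")
        if reasons:
            findings.append((e.section, e.name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(f"[{section}] {name}: {'; '.join(reasons)}")
```

Run it against a full FRST.txt by reading the file into `parse_frst`; the flags are prompts for a closer look (hash the file, check its signature, look up the publisher), not a verdict, since unsigned OEM utilities such as the Dell Stage entries above trip the "no publisher" rule just as adware does.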

Fiery
Jan 11, 2011
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply
 

ArizEagle
Thread author
Dec 26, 2012
Here is the log file from running AdwCleaner:

# AdwCleaner v3.002 - Report created 04/09/2013 at 23:20:58
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eagle AMDG - EAGLEAMDG-PC
# Running from : C:\Users\Eagle AMDG\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\DSite
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\EAGLEA~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Eagle AMDG\AppData\Roaming\Mozilla\Firefox\Profiles\1ugu72u5.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2375 octets] - [04/09/2013 23:18:15]
AdwCleaner[S0].txt - [2250 octets] - [04/09/2013 23:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2310 octets] ##########

Please Note: While attempting to download, something called "Open It" showed up on my desktop and I don't ever remember seeing it before.
I did have difficulty as my computer kept trying to redirect me. I finally was able to get it done.

The next 2 will follow...
 
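An added summary script, not part of this thread and not AdwCleaner's own code: it groups the "Deleted" lines of an AdwCleaner report in the format posted above by the persistence mechanism each item represents (service, Run value, scheduled task, startup folder, browser extension, COM/protocol handler, shortcut, plain file), which is what a helper reads such a report for when judging whether the adware was only a dropped folder or had hooks that survive a reboot. The sample report is a constructed excerpt assembled from lines posted in this thread; the "[#]" prefix AdwCleaner put on one service is kept as a flag without interpreting its meaning, and the category keywords are this script's own choices.

```python
import re
from collections import defaultdict

# Constructed excerpt: every entry is taken from the AdwCleaner reports posted
# in this thread, cut down to a handful of lines per section.
SAMPLE_REPORT = r"""
# AdwCleaner v3.002 - Report created 05/09/2013 at 00:18:07
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : FastFreeConverterUpdt

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Eagle AMDG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
"""

# One "Deleted" line: optional "[#] " prefix, the kind of object, then the target.
ACTION_RE = re.compile(
    r"^(?P<flag>\[#\] )?(?P<kind>Service|Folder|File|Key|Value) Deleted : (?P<target>.+)$"
)

# Registry locations that register COM objects or URL protocol handlers.
COM_MARKERS = ("\\classes\\clsid\\", "\\classes\\appid\\", "\\classes\\interface\\",
               "\\classes\\typelib\\", "\\protocols\\handler\\")


def classify(kind: str, target: str) -> str:
    """Map one deleted item to the persistence mechanism it represents."""
    t = target.lower()
    if kind == "Service":
        return "service"
    if "\\currentversion\\run" in t:
        return "run key"
    if "\\windows\\tasks\\" in t or "\\system32\\tasks\\" in t:
        return "scheduled task"
    if "\\start menu\\programs\\startup\\" in t:
        return "startup folder"
    if "\\extensions" in t or "\\mozillaplugins\\" in t:
        return "browser extension"
    if any(marker in t for marker in COM_MARKERS):
        return "COM / protocol handler"
    if t.endswith(".lnk"):
        return "shortcut"
    if kind in ("File", "Folder"):
        return "file on disk"
    return "other registry"


def summarize(report: str) -> dict:
    """Group every 'Deleted' line of an AdwCleaner report by mechanism."""
    groups = defaultdict(list)
    for raw in report.splitlines():
        m = ACTION_RE.match(raw.strip())
        if m:
            groups[classify(m["kind"], m["target"])].append(m["target"])
    return dict(groups)


def flagged(report: str) -> list:
    """Targets AdwCleaner prefixed with '[#]', kept verbatim for a recheck after reboot."""
    matches = (ACTION_RE.match(line.strip()) for line in report.splitlines())
    return [m["target"] for m in matches if m and m["flag"]]


if __name__ == "__main__":
    for mechanism, targets in summarize(SAMPLE_REPORT).items():
        print(f"{mechanism} ({len(targets)})")
        for target in targets:
            print("   ", target)
    print("flagged [#]:", flagged(SAMPLE_REPORT))
```

Feed it the saved `AdwCleaner[S1].txt` to get the same grouping for a full report; the point of the grouping is that a run key, a scheduled task, a service or a startup-folder shortcut each restart the software on its own, so a report listing those is the one to compare against a fresh FRST scan after the reboot.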

ArizEagle
Thread author
Dec 26, 2012
Hey Fiery - Please read this as I believe it's very important...

After finishing up with AdwCleaner, I attempted to download RogueKiller and my system started running some false Virus scanner..
Everything happened so fast, I couldn't stop it, so I shut down my computer...
Prior to shutting down I noticed there were 4 new icons on my desktop, including that Clean It, as well as 3 others...

I re-ran AdwCleaner and I may have messed up as I deleted the files it stored on the 2nd scan.
I now have an AVG on my Firefox, and it was on my Chrome browser.
Now, my browser looks messed up and it doesn't seem to have Google..

Anyway, here are the results of a second AdwCleaner scan and delete...
Did I mess up?
I don't see how this false anti-virus took over..

Anyway, here you go..

# AdwCleaner v3.002 - Report created 05/09/2013 at 00:18:07
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eagle AMDG - EAGLEAMDG-PC
# Running from : C:\Users\Eagle AMDG\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : FastFreeConverterUpdt

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Eagle AMDG\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\DSite
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Eagle AMDG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Eagle AMDG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Eagle AMDG\Desktop\MyPC Backup.lnk
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Eagle AMDG\AppData\Roaming\Mozilla\Firefox\Profiles\1ugu72u5.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [2375 octets] - [04/09/2013 23:18:15]
AdwCleaner[R1].txt - [7839 octets] - [05/09/2013 00:10:08]
AdwCleaner[S0].txt - [2390 octets] - [04/09/2013 23:20:58]
AdwCleaner[S1].txt - [7108 octets] - [05/09/2013 00:18:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7168 octets] ##########

I'm going to try to download RogueKiller again...
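The AdwCleaner report above has a regular shape: a section header such as `***** [ Registry ] *****`, then one "Action : target" line per item. As an added example that is not part of the thread and not AdwCleaner's own code, the Python below parses a constructed sample in that shape and groups the deleted items by the persistence or hijack mechanism they used (service, scheduled task, Run key, BHO, browser extension, search setting), which is a quick way to see what a PUP bundle had changed and which locations to re-check after cleanup. The rule list is my own assumption, not AdwCleaner's classification.

```python
import re
from collections import defaultdict
# Constructed sample in the shape of the AdwCleaner [S1] report above (not the full log).
SAMPLE_REPORT = r"""
***** [ Services ] *****
[#] Service Deleted : BackupStack
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\RegClean Pro
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
***** [ Browsers ] *****
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
"""

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
ENTRY_RE = re.compile(r"^(?:\[#\] )?(Service|Folder|File|Key|Value|Line) (Deleted|Found) : (.+)$")

# Assumed mapping from a target to the mechanism it used; first matching rule wins.
# Each rule receives the entry kind and the lower-cased target.
PERSISTENCE_RULES = [
    ("service", lambda kind, t: kind == "Service"),
    ("scheduled task", lambda kind, t: "\\tasks\\" in t),
    ("run key", lambda kind, t: "\\currentversion\\run" in t),
    ("browser helper object", lambda kind, t: "browser helper objects" in t),
    ("browser extension", lambda kind, t: "\\extensions\\" in t or "\\extensions [" in t),
    ("search hijack", lambda kind, t: "searchscopes" in t or "browser.search." in t),
]

def parse_adwcleaner_report(text):
    """Return (section, kind, action, target) for every entry line, tracking section headers."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := ENTRY_RE.match(line)) and section:
            entries.append((section, m.group(1), m.group(2), m.group(3)))
    return entries

def triage(entries):
    """Group targets by mechanism so persistence items stand out; 'other' catches the rest."""
    buckets = defaultdict(list)
    for _section, kind, _action, target in entries:
        low = target.lower()
        label = next((name for name, rule in PERSISTENCE_RULES if rule(kind, low)), "other")
        buckets[label].append(target)
    return dict(buckets)
```

Lines the regex does not recognise (the `-\\ Internet Explorer` browser headers, the bare `Deleted : icon_url` Chrome entry, the trailing file list) are skipped rather than mis-classified.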

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
RogueKiller:

I go through the download, but when I click on "Run as Administrator," nothing happens...

The program won't open.

I tried walking through their troubleshooting guide, with no success...

I can't get RogueKiller to run...

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
Junkware Removal Tool:
Report:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Home Premium x64
Ran by Eagle AMDG on Thu 09/05/2013 at 1:09:11.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"



~~~ FireFox

Successfully deleted the following from C:\Users\Eagle AMDG\AppData\Roaming\mozilla\firefox\profiles\1ugu72u5.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={4E9AA3CB-563C-4F3B-BF14-AD0279DE0682}&mid=0a91f5a90bf547d39eaea90c82ed718d-16c5c65a65db87fa289888645b87bb8
Emptied folder: C:\Users\Eagle AMDG\AppData\Roaming\mozilla\firefox\profiles\1ugu72u5.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/05/2013 at 1:13:32.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
More Issues:
When I open my Chrome browser, I have the task bar showing my favorites, but as soon as I open a web site, the task bar goes away.
Do you know how I can repair that?
Also, when I open Chrome I don't get everything I used to get on the opening page.

I messed up, right, when I ran the AdwCleaner a second time after that bogus anti-virus program took over...???

Should I go to "Settings," and re-set my Browser settings in the advanced mode? I won't do anything until I hear from you...

Lastly, my system seems to be running slower...
I'm on MLB websites a lot following baseball and it seems to take a long time to download the web sites on MLB...
Also, I'm unable to read the articles on MLB. All I get is some background image. No story...
Thanks

Fiery

Level 1
Jan 11, 2011
2,007
It seems you got redirected when you tried to download AdwCleaner.

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)

Download Kaspersky Virus Removal Tool from here: http://www.kaspersky.com/antivirus-removal-tool?form=1 (Download Version 11. You'll have to enter your email address and name)
  • Double-click the file and follow the on-screen prompts until it is installed
  • Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Computer
      • Local Disk (C: )
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please attach kaslog.txt in your next reply.

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
Malwarebytes Anti-Rootkit:

I ran this scan twice and it showed:

Scan Finished: No malware found.

Next post will be Kaspersky...

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
Kaspersky Scan:

I ran the Kaspersky Virus Removal Tool...
It took a long time and I had to reset my "sleep mode" on my computer in order for it to run through.
Also, it halted a few times when it detected a threat (beyond the reported 3 threats on the report) and would not continue unless I hit the "SKIP" or "DELETE" buttons.
I hit "SKIP" twice thinking it would just log the event or threat, but it did not add to the total of 3 detected, and would not continue unless I did one or the other.
On one instance, I just clicked the "DELETE" and it didn't add to the total of 3 either.
Here is what the threat was that I deleted:
"not-a-virus:AdWare.Win32.Bryte.jcs"

I attached the log file to this post:
Thanks...
 

Attachments

  • kaslog.txt
    451 bytes · Views: 409

Fiery

Level 1
Jan 11, 2011
2,007
Have you tried System Restore? I see you have a few restore points dated back in August. Try restoring to those points.

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
I hope this doesn't sound like a dumb question, but I'm going to ask anyway...
Should I "disinfect" those 3 detected threats??

Fiery

Level 1
Jan 11, 2011
2,007
Not a dumb question. It is a very reasonable one :)

Those 3 threats aren't really "threats". You can certainly delete them as they seem to be an installer file for a program you downloaded.

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
Hello again...

I did delete those 3 items, prior to your last post..
I also did a system restore and feel I need to undo it.
I had an error trying to bring up Chrome.
My Chrome task bar still disappears when I bring up a web site.
My Chrome page is missing a few things that were there until a few days ago, such as my Google search box, and 2 others..
Even with system restore, my task bar and favorites disappears when I go to a web site. This did not go back to the previous way Chrome was working... Maybe I can restore Chrome by itself???
I took a picture of my Chrome home page, should I try to send it to you?

I still have issues with I.E. as my favorite list is still intact, but I.E. won't let me go to the selected web site of any of my "Favorites." (It hasn't for months). So when clicking on a "favorite" website, nothing happens...

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Yes, please upload the picture so I have a better idea of your problem. You can try reinstalling Chrome again.

ArizEagle

New Member
Thread author
Verified
Dec 26, 2012
55
SYSTEM DIED!!!!!!!

What I did first


Windows won't start - for that matter, the only thing that came up was a blue page with what appeared to be a dove and an olive branch...

I tried a Startup Repair with no success.....

Results:
Problem Event Name: StartupRepairOffline
Problem signature: 01: 6.1.7600.16385
Problem Signature: 02: 6.1.7600.16385
Problem signature: 03: unknown
Problem signature: 04: 334
Problem signature: 05: Autofailover
Problem signature: 06: 1
Problem signature: 07: Missing OsLoader
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Ran it a second time with a couple of different results:
Problem signature: 04: 167
Problem signature: 07: 0of4

I was able to run a system restore and after first failing on a Sept 6th date (Failed) I was able to go back to, I believe Aug. 30th and it appeared to restore successfully. That said, the system still won't start "Windows."

Here are the results of another Startup Repair:
Problem signature 04: 21200000
Problem Signature 06: 3
Problem Signature 07: 0xf4

At least I can now get into "Advanced Boot Options" but not sure what I can do.
I tried, or at least got to, the Advanced Boot Options page.


FYI - When is Advanced Boot Options
Is there any way to talk on the phone...
Thanks...