

Win 32-Tls Hack-A Trojan



 
 
09-19-2017, 01:53 PM   #1
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



OK, I have been discussing the fact that I was part of that hack of CCleaner ver 5.33; here is the link to those threads >>> https://www.techsupportforum.com/foru...r-1210873.html

I ran Avast a/v on my WinXP Lenovo after discovering that the supposed new CCleaner version they told us to upgrade to, version 5.34, also had two trojans, Floxif.Trace, in the value and registry. So this was not good.
I also ran my Avast av about 2 hrs ago to see if it would come up with something, and lo and behold it found a Win 32TlsHack-A[Trj] in my
D:\System Volume Information-RESTORE{ EF02A767-847C-48BC-A8F2-DD4434CCDD04} \RP2836\A4564495.exe

Avast then told me it resolved the issue and placed it in the Virus Chest. It didn't tell me to restart my PC though, so not sure if it resolved the issue like they claim.
So what should I do, and is this related to the CCleaner issues?
bigalster is offline  
 
09-19-2017, 02:43 PM   #2
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by al at 17:36:40 on 2017-09-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.763 [GMT -4:00]
.
AV: Malwarebytes *Enabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus *Enabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Secunia\PSI\sua.exe
D:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\AVAST Software\Avast\aswidsagent.exe
D:\WINDOWS\jmesoft\hotkey.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\BellCanada\McciTrayApp.exe
D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
D:\Program Files\CCleaner\CCleaner.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\WINDOWS\system32\svchost.exe -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - d:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - d:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [CCleaner Monitoring] "d:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [jmekey] d:\windows\jmesoft\hotkey.exe
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [WD Quick View] d:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [BellCanada_McciTrayApp] "d:\program files\bellcanada\McciTrayApp.exe"
mRun: [AvastUI.exe] "d:\program files\avast software\avast\AvLaunch.exe" /gui
mRun: [Malwarebytes TrayApp] d:\program files\malwarebytes\anti-malware\mbamtray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349404732234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1FC1E91E-3129-4DE0-92A8-5900CE8F207C} : DHCPNameServer = 192.168.2.1
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "d:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\al\application data\mozilla\firefox\profiles\qsu81t11.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - CNN - Breaking News, Latest News and Videos
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A111US1056&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\documents and settings\al\application data\jpl-nasa-caltech\nasa's eyes\npNASAEyes.dll
FF - plugin: d:\documents and settings\al\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\common files\motive\npMotive.dll
FF - plugin: d:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\windows\system32\lenovo\update\npdueng.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_27_0_0_130.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;\SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys [?]
R0 aswblog;aswblog;\SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys [?]
R0 aswbuniv;aswbuniv;\SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys [?]
R0 aswRvrt;aswRvrt;\SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;aswVmm;\SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys [?]
R0 MBAMChameleon;MBAMChameleon;d:\windows\system32\drivers\MBAMChameleon.sys [2017-8-29 147232]
R0 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\MBAMSwissArmy.sys [2017-8-5 221600]
R0 MxEFUF;Matrox Extio Upper Function Filter;d:\windows\system32\drivers\MxEFUF32.sys [2011-9-25 102728]
R0 RapportKELL;RapportKELL;d:\windows\system32\drivers\RapportKELL.sys [2017-8-25 263744]
R0 xfilt;VIA SATA IDE Hot-plug Driver;d:\windows\system32\drivers\xfilt.sys [2013-10-12 23192]
R1 aswbidsdriver;aswbidsdriver;d:\windows\system32\drivers\aswbidsdriverx.sys [2017-4-23 267520]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2017-4-23 773800]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2017-4-23 500136]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;d:\windows\system32\drivers\mbae.sys [2017-8-5 59936]
R1 RapportAegle;RapportAegle;d:\program files\trusteer\rapport\bin\RapportAegle.sys [2017-8-25 203072]
R1 RapportCerberus_1804073;RapportCerberus_1804073;d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1804073.sys [2017-9-4 846472]
R1 RapportEI;RapportEI;d:\program files\trusteer\rapport\bin\RapportEI.sys [2017-8-25 334912]
R1 RapportPG;RapportPG;d:\program files\trusteer\rapport\bin\RapportPG.sys [2017-8-25 414432]
R2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2017-4-23 124952]
R2 avast! Antivirus;Avast Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2017-8-31 275208]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [2011-9-25 21992]
R2 MBAMService;Malwarebytes Service;d:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-8-5 3398608]
R2 RapportMgmtService;Rapport Management Service;d:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2017-8-25 2350064]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 WDDriveService;WD Drive Manager;d:\program files\western digital\wd drive manager\WDDriveService.exe [2014-6-2 295800]
R3 aswbIDSAgent;aswbIDSAgent;d:\program files\avast software\avast\aswidsagent.exe [2017-8-31 5830352]
R3 aswStmXP;aswStmXP;d:\windows\system32\drivers\aswStmXP.sys [2017-4-23 202712]
R3 BBUpdate;BBUpdate;d:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 MBAMProtection;MBAMProtection;d:\windows\system32\drivers\mbam.sys [2017-8-5 40352]
S2 BBSvc;BingBar Service;d:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 aswHwid;aswHwid;d:\windows\system32\drivers\aswHwid.sys [2017-4-23 42856]
S3 DrvAgent32;DrvAgent32;d:\windows\system32\drivers\DrvAgent32.sys [2016-9-11 31832]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;d:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
S3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RapportIaso;RapportIaso;d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2013-5-9 11520]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2009-1-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2017-08-29 13:07:03 147232 ----a-w- d:\windows\system32\drivers\MBAMChameleon.sys
2017-08-26 03:09:20 263744 ----a-w- d:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2017-09-19 15:09:51 40352 ----a-w- d:\windows\system32\drivers\mbam.sys
2017-09-19 15:09:24 221600 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-12 20:14:17 803328 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2017-09-12 20:14:16 144896 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2017-08-31 13:12:48 202712 ----a-w- d:\windows\system32\drivers\aswStmXP.sys
2017-08-31 13:12:47 70864 ----a-w- d:\windows\system32\drivers\aswRvrt.sys
2017-08-31 13:12:47 42856 ----a-w- d:\windows\system32\drivers\aswHwid.sys
2017-08-31 13:12:47 296824 ----a-w- d:\windows\system32\drivers\aswVmm.sys
2017-08-31 13:12:47 124952 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2017-08-31 13:12:32 773800 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2017-08-31 13:12:28 50384 ----a-w- d:\windows\system32\drivers\aswbunivx.sys
2017-08-31 13:12:28 276736 ----a-w- d:\windows\system32\drivers\aswblogx.sys
2017-08-31 13:12:28 267520 ----a-w- d:\windows\system32\drivers\aswbidsdriverx.sys
2017-08-31 13:12:28 157416 ----a-w- d:\windows\system32\drivers\aswbidshx.sys
2017-06-27 1628 59936 ----a-w- d:\windows\system32\drivers\mbae.sys
.
============= FINISH: 17:37:28.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2011 10:52:03 PM
System Uptime: 9/19/2017 11:07:16 AM (6 hours ago)
.
Motherboard: LENOVO | | K8M800-M3
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 2199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 8.156 GiB free.
D: is FIXED (NTFS) - 163 GiB total, 108.982 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2798: 8/1/2017 6:15:42 PM - System Checkpoint
RP2799: 8/2/2017 6:32:15 PM - System Checkpoint
RP2800: 8/3/2017 7:24:50 PM - System Checkpoint
RP2801: 8/4/2017 7:56:56 PM - System Checkpoint
RP2802: 8/5/2017 9:18:36 PM - System Checkpoint
RP2803: 8/6/2017 9:43:26 PM - System Checkpoint
RP2804: 8/7/2017 10:39:25 PM - System Checkpoint
RP2805: 8/8/2017 10:45:19 PM - System Checkpoint
RP2806: 8/9/2017 9:27:08 AM - Installed Rapport
RP2807: 8/10/2017 10:43:53 AM - System Checkpoint
RP2808: 8/11/2017 11:29:33 AM - System Checkpoint
RP2809: 8/12/2017 12:03:07 PM - System Checkpoint
RP2810: 8/13/2017 12:48:36 PM - System Checkpoint
RP2811: 8/14/2017 1:16:17 PM - System Checkpoint
RP2812: 8/15/2017 1:32:59 PM - System Checkpoint
RP2813: 8/16/2017 6:50:55 PM - System Checkpoint
RP2814: 8/18/2017 2:21:06 PM - System Checkpoint
RP2815: 8/19/2017 2:29:41 PM - System Checkpoint
RP2816: 8/20/2017 2:40:52 PM - System Checkpoint
RP2817: 8/21/2017 4:55:29 PM - System Checkpoint
RP2818: 8/24/2017 10:23:55 AM - System Checkpoint
RP2819: 8/25/2017 12:51:45 PM - System Checkpoint
RP2820: 8/26/2017 5:02:22 PM - System Checkpoint
RP2821: 8/28/2017 5:25:38 PM - System Checkpoint
RP2822: 8/29/2017 6:12:44 PM - System Checkpoint
RP2823: 8/30/2017 10:27:30 PM - System Checkpoint
RP2824: 8/31/2017 9:14:33 AM - Installed Windows XP Wdf01009.
RP2825: 9/1/2017 12:45:05 PM - System Checkpoint
RP2826: 9/2/2017 12:58:29 PM - System Checkpoint
RP2827: 9/3/2017 1:15:24 PM - System Checkpoint
RP2828: 9/4/2017 9:23:31 AM - Installed Rapport
RP2829: 9/5/2017 11:13:22 AM - System Checkpoint
RP2830: 9/6/2017 12:28:10 PM - System Checkpoint
RP2831: 9/7/2017 2:03:48 PM - System Checkpoint
RP2832: 9/8/2017 2:25:09 PM - System Checkpoint
RP2833: 9/9/2017 2:30:22 PM - System Checkpoint
RP2834: 9/10/2017 3:08:22 PM - System Checkpoint
RP2835: 9/11/2017 3:38:18 PM - System Checkpoint
RP2836: 9/12/2017 4:57:07 PM - System Checkpoint
RP2837: 9/13/2017 6:20:35 PM - System Checkpoint
RP2838: 9/14/2017 6:35:35 PM - System Checkpoint
RP2839: 9/16/2017 12:41:30 PM - System Checkpoint
RP2840: 9/17/2017 12:52:53 PM - System Checkpoint
RP2841: 9/18/2017 1:04:54 PM - System Checkpoint
RP2842: 9/19/2017 2:08:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
%WS4_ARP_DISPLAY%
Adobe Flash Player 27 ActiveX
Adobe Flash Player 27 NPAPI
Adobe Reader XI (11.0.08)
Akamai NetSession Interface
Avast Free Antivirus
Bell Internet Check-up
Bing Bar
BlitzIn 3.11
CAM UnZip 4.5
Canon MP500
CCleaner
ChessBase 10
ChessBase Reader
CPUID CPU-Z 1.70
Dasher
Deep Rybka 3
Easy-WebPrint
FileHippo App Manager
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB969084)
ICC for Windows 1.0 beta 9.8.8
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Kobo
LENOVO OKE FN PS2 KEYBOARD
Logitech Vid HD
Logitech Webcam Software
Malwarebytes version 3.1.2.1733
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
Mozilla Firefox 52.3.0 ESR (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Octoshape add-in for Adobe Flash Player
PlayChess
Rapport
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813347)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB4012598)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 6.18
SpywareBlaster 5.5
Trusteer Endpoint Protection
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast-Ethernet Adapter
WD Quick View
WD SmartWare Installer
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Player Firefox Plugin
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
.
==== Event Viewer Messages From Past Week ========
.
9/18/2017 10:23:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx PCIIde ViaIde
9/15/2017 9:09:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/15/2017 9:09:12 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/15/2017 5:23:59 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/13/2017 10:32:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
9/13/2017 10:32:31 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2017 10:32:28 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
9/12/2017 9:17:03 AM, error: Schannel [36876] - The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.
.
==== End Of File ===========================
bigalster is offline  
Old 09-22-2017, 01:57 PM   #3
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



"BUMP, please"
bigalster is offline  
Old 09-23-2017, 03:52 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

First, a couple of points here. As mentioned by others, there is no need to use CCleaner. I have never used CCleaner on any of my machines.

An alternative temp file cleaner for your machine is ATF Cleaner:

Welcome to the Frontpage - www.atribune.org

Second, you are running XP Pro, an outdated OS that no longer receives Windows Updates, which means your machine will ALWAYS be susceptible to infection.

Don't take this the wrong way, but it is pretty much a waste of time cleaning machines with out of date operating systems.

Again, I loved XP and hated to see it go as an OS, so don't take it the wrong way.

Quote:
I also ran AVAST A/V and it just found a virus; D:|System Volume Information\....|A4564495.exe Threat is Win 32:TlsHack-A{Trj} so Avast has put it in the Chest.
is this related to the CCleaner issue?
System Volume Information is where Windows keeps old system restore points. Anything found there can do no harm to your machine unless you restore your machine to that restore point.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Avast and MBAM.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

In case you were wondering, MBAM v.3 is now a full-fledged real-time antivirus.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

If you choose to keep Avast as your antivirus, but want MBAM as an on-demand scanner, you can download an earlier version and decline the antivirus option.

https://www.bleepingcomputer.com/dow...-malware/dl/7/

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at D:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-23-2017, 04:35 PM   #5
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



Tried downloading AdwCleaner but it gives me error message saying it is not valid Win32 application and won't work.

CCleaner I have already uninstalled two days ago. I pay for MBAM premium but I was under impression that I also needed an a/v so I got free version of Avast. I will keep MBAM as it is premium and it's costing me money so I better use it.
I didn't think I was protected from viruses just having MBAM. However I do not have ransomware protection as MBAM doesn't support Win XP so this tab is useless.
I'm getting rid of XP (as much as I love it) within a month or so, maybe longer until I can get new machine.
bigalster is offline  
Old 09-23-2017, 07:42 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello bigalster. I failed to remember AdwCleaner doesn't run on XP. That's how outdated XP is.

------------------------------------------------------

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software, i.e. Avast, now to avoid potential conflicts.
  • Run the tool by double-clicking JRT.exe. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-click JRT.exe and select 'Run as administrator'.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • When you close the log, the command window will disappear. Then close your 'My Documents' folder.
  • Post the contents of JRT.txt into your next message.
------------------------------------------------------
chemist is offline  
Old 09-23-2017, 07:57 PM   #7
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by al (Administrator) on Sat 09/23/2017 at 22:50:34.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\cre (Folder)
Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\esupport.com (Folder)
Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: D:\Documents and Settings\All Users\uniblue (Folder)

user_pref(browser.search.defaultenginename, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A31C639-5B9C-4583-ABA5-8473C841B547} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/23/2017 at 22:54:16.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bigalster is offline  
Old 09-24-2017, 01:31 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, bigalster. Nothing malicious so far. Are you experiencing any problems with your machine?

------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
chemist is offline  
Old 09-24-2017, 07:31 PM   #9
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



PC works fine, but I told you I have MBAM Premium version, but does this protect me from viruses as well? I always thought you needed an a/v alongside of it? So my intention is to keep MBAM, although with Win XP I have no ransomware protection. Can I ditch Avast then and be fully protected with just MBAM installed?
As I said, my intention is to get upgrade to new PC in next few months.
Here is log results>>>>>
C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\conduitCommon\modules\3.7.0.6\SearchProtector.jsm Win32/Toolbar.Conduit.AT potentially unwanted application
C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome\whitesmoke_bar.jar Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules\SearchProtector.jsm Win32/Toolbar.Conduit.AT potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup326(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(3).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(4).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup508(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup511(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup511(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup512.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup513(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup513(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup513.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup515.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup517.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup519(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup519.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup520.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup521.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup522(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup522(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup522.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup523.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup524(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup524.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup526(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup526(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup527(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup527(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup527.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup528.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup529(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup530(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup530(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup530.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup531(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup531(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup531.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup532(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup532(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup532.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup534(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup534(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup534.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\ccsetup535.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\defragsetup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\defragsetup(2).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\defragsetup(3).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\defragsetup(4).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\FREEAV(1).exe Win32/Toolbar.Visicom.G potentially unwanted application,a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\FREEAV.exe Win32/Toolbar.Visicom.G potentially unwanted application,a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application
D:\Documents and Settings\al\My Documents\Downloads\imf-setup(1).exe.part a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\imf-setup(2).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application,Win32/Toolbar.Widgi.C potentially unwanted application
D:\Documents and Settings\al\My Documents\Downloads\PCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/Adware.RegistryNuke.A application
bigalster is offline  
Old 09-24-2017, 08:27 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, bigalster.

Quote:
PC works fine
Glad to hear it.

Yes, MBAM v.3 is a full-fledged, real-time AV (antivirus) application.

Quote:
although with Win Xp i have no ransomware protection
Do other AVs offer anti-ransomware? On XP? XP was out of date before ransomware came about.

Your main problem is your OS, not your AV.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\conduitCommon\modules\3.7.0.6\SearchProtector.jsm"
"C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome\whitesmoke_bar.jar"
"C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\1zj8mlt7.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules\SearchProtector.jsm"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup324.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup325.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup326(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup326.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup401.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup406.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup409.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup411.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup412.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup413.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup414.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup416.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup417.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup418.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(3).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup419(4).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup419.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup500.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup501.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup502.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup503.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup504.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup505.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup506.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup507.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup508(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup508.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup509.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup510.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup511(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup511(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup511.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup512.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup513(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup513(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup513.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup514.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup515.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup516.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup517.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup518.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup519(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup519.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup520.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup521.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup522(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup522(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup522.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup523.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup524(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup524.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup525.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup526(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup526(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup526.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup527(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup527(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup527.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup528.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup529(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup529.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup530(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup530(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup530.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup531(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup531(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup531.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup532(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup532(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup532.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup534(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup534(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup534.exe"
"D:\Documents and Settings\al\My Documents\Downloads\ccsetup535.exe"
"D:\Documents and Settings\al\My Documents\Downloads\defragsetup(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\defragsetup(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\defragsetup(3).exe"
"D:\Documents and Settings\al\My Documents\Downloads\defragsetup(4).exe"
"D:\Documents and Settings\al\My Documents\Downloads\defragsetup.exe"
"D:\Documents and Settings\al\My Documents\Downloads\FREEAV(1).exe"
"D:\Documents and Settings\al\My Documents\Downloads\FREEAV.exe"
"D:\Documents and Settings\al\My Documents\Downloads\imf-setup(1).exe.part"
"D:\Documents and Settings\al\My Documents\Downloads\imf-setup(2).exe"
"D:\Documents and Settings\al\My Documents\Downloads\imf-setup.exe"
"D:\Documents and Settings\al\My Documents\Downloads\PCMAX_AF_ErrorsFix_Setup.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-24-2017, 08:40 PM   #11
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



When I clicked on fix.bat and tried to double-click to run it, it just disappeared from the screen. I did it twice.
OK, I see what you mean: the black screen said deleted successfully, then it prompted me to press any key, then the screen disappeared.
I was looking for some sort of readout again.
D://WINDOWS\system 32/CMD.exe was underneath it.
bigalster is offline  
Old 09-25-2017, 02:40 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update it, and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

----------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\JRT"

A DOS window will open and close again, this is normal.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.

    *Note*- By default, whenever ComboFix deletes any file, it replaces any Hosts file with the default Windows Hosts file. Therefore, you will once again need to replace the default Hosts file with the MVPS HOSTS file.

  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 09-25-2017, 07:25 AM   #13



All done, captain, many thx for your help. I downloaded WOT and did the mvps.bat file as suggested.
Couple of things. It showed in the last scan 90 infections but we didn't press "clean option", so shouldn't I clean up all that crap esetonlinescanner recommended we clean up?
I will keep MBAM, btw I have version 3.12.1733 Premium, so you say that this protects me just like any a/v from viruses as well as malware? I want to be sure, but again you recommend ditching Avast, correct? It's a little ironic that it is Avast who just bought out Piriform in the UK and it is they who created this CCleaner mess.
If you could get back to me on these questions.
I'm about to do an MBAM scan, once done I'll let you know and if no issues I will wait for your response and close thread as solved.
Many thx Chemist, you da man with the magic potion for sure :)
bigalster is offline  
Old 09-25-2017, 08:02 PM   #14



Hello again, bigalster. You're welcome.

You deleted those ESET finds when you ran that fix.bat file.

As far as Avast and CCleaner, I suggest you contact Avast for help.

As far as MBAM vs Avast, I'm just saying MBAM is a full-fledged antivirus, like I said before. Yes, antivirus, but you decide.

I would suggest you get rid of XP.

------------------------------------------------------
chemist is offline  
Old 09-25-2017, 08:34 PM   #15



OK, thx again. What about using the ESET scanner, can I use that regularly to clean up my files?
bigalster is offline  
Old 09-26-2017, 08:08 PM   #16



You're welcome. Online scanners, as most scanners, sometimes detect false positives, so I would not suggest you use that to automatically clean up files, no.
chemist is offline  
Old 09-26-2017, 08:24 PM   #17



OK, thx again for all your help, you were great Chemist! I'll mark thread solved.
bigalster is offline  
Old 09-26-2017, 08:27 PM   #18



You're very welcome! Glad to have helped.
chemist is offline  
 
