My husband's Asus laptop sounds like it's playing a radio

Started by Evenshade, April 02, 2014, 03:38:52 AM


Evenshade

Donna,
The strangest thing (naturally!)  ;)  ......and I hope I can explain this properly.
When I follow your instructions and work my way down the "tree" (OS [C:]>Windows>System 32), there is no file in the next branch down called rpcss.dll.

However, when I do a search for the file using the START button/search programs and files, it shows up as found under "Programs (1)".    When I right click on it and choose Open file location, it is right there in alphabetical order with all the other "r" files between a file called RpcRtRemote.dll and one called rrinstaller. These same are in order when I use your instructions, but no rpcss.dll is between them. And at the top of the window the path for the file shows as Computer> OS (C:)>Window> System 32>rpcss.dll 

If I double click on rpcss.dll I get a Caution that says "You are attempting to open a file of type 'Application extension' (.dll). These files are used by the operating system and by various programs. Editing or modifying them could damage your system. If you still want to open the file, click Open with. Otherwise, click Cancel." Of course, I didn't open it.

So my question is how do I get this file to interact with virustotal on the desktop since it didn't find it?
Pam

DonnaB

Egads!! Now this is downright weird! :shocked:

Same thing here. I typed rpcss.dll into the search field of FRST and the resultant search found the file in that path, but Virus Total could not find it there. Back to the discussion table to see what's up with that!!  :huh:

In the meantime, we have to use the uninstaller to remove Panda again, then I'd like to see another FRST log to verify that all residual files have been removed.

Uninstall Panda



  • Download AVCleaner10.exe from here and save it to your desktop.
  • Run the UNINSTALLER_07.EXE file by double-clicking it.
  • A window will be displayed requiring confirmation to begin the uninstallation and warning about the system restart once the process has ended. Click Yes.
    Note: No progress bar is displayed. It is necessary to wait until this message is displayed: "Thank you for waiting. Hit OK to reboot."
Panda should now be removed from your PC.

Original instructions can be found here, if needed:
http://www.pandasecurity.com/homeusers/support/card?id=23010&IdIdioma=2

Next:

  • Right click on the FRST icon found on the desktop and click Scan.
  • Please post the FRST.txt log that is generated in your next reply.
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Evenshade

UNINSTALLER07.exe literally took 2 seconds before having me reboot....just want to be sure that sounds right? :)

Here's the log, Donna,



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Pam (administrator) on PAM-PC on 28-04-2014 20:25:16
Running from C:\Users\Pam\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-11] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default
FF Homepage: hxxp://www.landzdown.com/analysis-and-malware-removal/|hxxp://www.aol.com/|https://www.facebook.com/|hxxp://classic.wunderground.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\ALone-live@ya.ru [2013-07-21]
FF Extension: ColorfulTabs - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-04-27]
FF Extension: WOT - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Adblock Plus - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-17]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-23] (ASUSTeK Computer Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [89640 2012-11-26] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [114728 2012-11-26] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [95712 2013-01-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114216 2012-11-26] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [94248 2012-11-26] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69160 2012-11-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [118312 2012-11-26] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306216 2012-11-26] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [116776 2012-11-26] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114216 2012-11-26] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [232488 2012-11-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-11-26] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [204328 2012-11-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
U3 tmlwf;
U3 tmwfp;
S1 wpdkxtct; \??\C:\Windows\system32\drivers\wpdkxtct.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 20:20 - 2014-04-28 20:22 - 00000000 ____D () C:\SMCLpav
2014-04-28 20:20 - 2014-04-28 20:20 - 00000000 _____ () C:\Autoexec.bat
2014-04-28 20:19 - 2014-04-28 20:19 - 00668144 _____ () C:\Users\Pam\Desktop\UNINSTALLER_07.exe
2014-04-27 21:36 - 2014-04-27 21:47 - 00001218 _____ () C:\Users\Pam\Desktop\Search.txt
2014-04-27 20:52 - 2014-04-27 20:53 - 00029476 _____ () C:\Users\Pam\Desktop\Addition.txt
2014-04-27 20:50 - 2014-04-28 20:25 - 00010869 _____ () C:\Users\Pam\Desktop\FRST.txt
2014-04-27 20:50 - 2014-04-27 20:50 - 02061824 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2014-04-19 19:39 - 2014-04-28 20:25 - 00000000 ____D () C:\FRST
2014-04-15 21:35 - 2014-04-15 21:35 - 00040278 _____ () C:\Users\Pam\Desktop\sfcdetails.txt
2014-04-09 23:20 - 2014-04-09 23:21 - 00001108 _____ () C:\Users\Pam\Desktop\FSS.txt
2014-04-09 23:20 - 2014-04-09 23:20 - 00409600 _____ (Farbar) C:\Users\Pam\Desktop\FSS.exe
2014-04-08 21:50 - 2014-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2014-04-08 21:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 21:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 21:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 21:47 - 2014-04-08 21:49 - 00265752 _____ (Secure By Design Inc.) C:\Users\Pam\Desktop\Ninite Malwarebytes Installer.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 04201456 _____ (Krzysztof Kowalczyk) C:\Users\Pam\Downloads\SumatraPDF-2.4-install.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 00001931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\SumatraPDF
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2014-04-06 11:41 - 2014-04-27 20:29 - 00000000 ____D () C:\Users\Pam\Desktop\RK_Quarantine
2014-04-03 22:09 - 2014-04-15 21:37 - 00000000 ____D () C:\Users\Pam\AppData\Local\CrashDumps
2014-04-03 20:04 - 2014-04-03 20:04 - 00001279 _____ () C:\Windows\IE11_main.log
2014-04-03 10:46 - 2014-04-03 10:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-01 23:28 - 2014-04-01 23:28 - 00987448 _____ () C:\Users\Pam\Desktop\SecurityCheck.exe
2014-04-01 23:23 - 2014-04-01 23:23 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.scr
2014-04-01 23:11 - 2014-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-01 23:11 - 2014-04-01 23:11 - 00003054 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-04-01 23:10 - 2014-04-01 23:10 - 00000000 ____D () C:\ProgramData\P4G
2014-04-01 20:25 - 2014-04-01 20:26 - 01426178 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-04-01 20:24 - 2014-04-01 20:24 - 00930952 _____ (CNET Download.com) C:\Users\Pam\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-04-01 19:51 - 2014-04-01 19:51 - 00029696 _____ (Gibson Research Corp.) C:\Users\Pam\Downloads\DCOMbob.exe

==================== One Month Modified Files and Folders =======

2014-04-28 20:26 - 2014-04-27 20:50 - 00010869 _____ () C:\Users\Pam\Desktop\FRST.txt
2014-04-28 20:25 - 2014-04-19 19:39 - 00000000 ____D () C:\FRST
2014-04-28 20:22 - 2014-04-28 20:20 - 00000000 ____D () C:\SMCLpav
2014-04-28 20:21 - 2012-06-15 22:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 20:21 - 2012-06-15 21:44 - 00095402 _____ () C:\Windows\setupact.log
2014-04-28 20:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 20:20 - 2014-04-28 20:20 - 00000000 _____ () C:\Autoexec.bat
2014-04-28 20:20 - 2012-06-15 21:47 - 01283617 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 20:19 - 2014-04-28 20:19 - 00668144 _____ () C:\Users\Pam\Desktop\UNINSTALLER_07.exe
2014-04-28 20:02 - 2012-06-15 22:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 20:02 - 2012-06-15 22:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 20:02 - 2011-07-02 17:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 19:56 - 2014-01-28 19:45 - 00000000 ____D () C:\Users\Pam\AppData\Local\Akamai
2014-04-28 15:45 - 2009-07-14 00:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 15:45 - 2009-07-14 00:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 21:47 - 2014-04-27 21:36 - 00001218 _____ () C:\Users\Pam\Desktop\Search.txt
2014-04-27 20:53 - 2014-04-27 20:52 - 00029476 _____ () C:\Users\Pam\Desktop\Addition.txt
2014-04-27 20:50 - 2014-04-27 20:50 - 02061824 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2014-04-27 20:29 - 2014-04-08 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 20:29 - 2014-04-06 11:41 - 00000000 ____D () C:\Users\Pam\Desktop\RK_Quarantine
2014-04-27 20:29 - 2014-04-01 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-27 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-27 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-27 16:30 - 2010-02-11 05:10 - 00000000 ____D () C:\Users\Pam
2014-04-15 21:37 - 2014-04-03 22:09 - 00000000 ____D () C:\Users\Pam\AppData\Local\CrashDumps
2014-04-15 21:35 - 2014-04-15 21:35 - 00040278 _____ () C:\Users\Pam\Desktop\sfcdetails.txt
2014-04-09 23:21 - 2014-04-09 23:20 - 00001108 _____ () C:\Users\Pam\Desktop\FSS.txt
2014-04-09 23:20 - 2014-04-09 23:20 - 00409600 _____ (Farbar) C:\Users\Pam\Desktop\FSS.exe
2014-04-09 16:51 - 2012-06-15 22:54 - 00017670 _____ () C:\Windows\PFRO.log
2014-04-08 21:50 - 2014-04-08 21:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2010-02-11 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 21:49 - 2014-04-08 21:47 - 00265752 _____ (Secure By Design Inc.) C:\Users\Pam\Desktop\Ninite Malwarebytes Installer.exe
2014-04-08 21:38 - 2014-01-28 15:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-08 21:38 - 2014-01-28 15:13 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-08 21:37 - 2014-01-28 15:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-08 21:37 - 2014-01-28 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-08 21:37 - 2013-08-25 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 21:30 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 21:23 - 2014-04-08 21:23 - 04201456 _____ (Krzysztof Kowalczyk) C:\Users\Pam\Downloads\SumatraPDF-2.4-install.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 00001931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\SumatraPDF
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2014-04-08 21:15 - 2009-10-19 09:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-08 21:15 - 2009-10-19 09:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-03 20:04 - 2014-04-03 20:04 - 00001279 _____ () C:\Windows\IE11_main.log
2014-04-03 10:46 - 2014-04-03 10:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 09:51 - 2014-04-08 21:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 21:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 21:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 00:20 - 2009-07-14 01:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 23:28 - 2014-04-01 23:28 - 00987448 _____ () C:\Users\Pam\Desktop\SecurityCheck.exe
2014-04-01 23:23 - 2014-04-01 23:23 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.scr
2014-04-01 23:11 - 2014-04-01 23:11 - 00003054 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-04-01 23:10 - 2014-04-01 23:10 - 00000000 ____D () C:\ProgramData\P4G
2014-04-01 23:10 - 2009-10-19 09:17 - 00000000 ____D () C:\Program Files\ASUS
2014-04-01 23:01 - 2009-10-19 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-04-01 22:58 - 2012-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-01 22:57 - 2012-06-15 22:10 - 00000000 ____D () C:\Users\Pam\AppData\Local\Google
2014-04-01 20:36 - 2013-02-19 05:14 - 00003098 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-04-01 20:26 - 2014-04-01 20:25 - 01426178 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-04-01 20:24 - 2014-04-01 20:24 - 00930952 _____ (CNET Download.com) C:\Users\Pam\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-04-01 20:21 - 2012-12-15 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-04-01 19:51 - 2014-04-01 19:51 - 00029696 _____ (Gibson Research Corp.) C:\Users\Pam\Downloads\DCOMbob.exe
2014-03-31 03:51 - 2010-02-12 17:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Pam\AppData\Local\Temp\atl80.dll
C:\Users\Pam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdnfbf.dll
C:\Users\Pam\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\mfc80.dll
C:\Users\Pam\AppData\Local\Temp\mfc80u.dll
C:\Users\Pam\AppData\Local\Temp\mfcm80.dll
C:\Users\Pam\AppData\Local\Temp\mfcm80u.dll
C:\Users\Pam\AppData\Local\Temp\msvcm80.dll
C:\Users\Pam\AppData\Local\Temp\msvcp80.dll
C:\Users\Pam\AppData\Local\Temp\msvcr80.dll
C:\Users\Pam\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pam\AppData\Local\Temp\secuniasi7261320651922947294.dll
C:\Users\Pam\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Pam\AppData\Local\Temp\sqlite3.dll
C:\Users\Pam\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Pam\AppData\Local\Temp\TmDbg32.dll
C:\Users\Pam\AppData\Local\Temp\TmDbg64.dll
C:\Users\Pam\AppData\Local\Temp\vsinit.dll
C:\Users\Pam\AppData\Local\Temp\VSUSetup.exe
C:\Users\Pam\AppData\Local\Temp\vsutil.dll
C:\Users\Pam\AppData\Local\Temp\zauninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-13 19:47

==================== End Of Log ============================

DonnaB

Download attached fixlist.txt file found at the bottom of this post, and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in a reply.



Next:

  • Right click on the FRST icon found on the desktop and click Scan.
  • Please post the FRST.txt log that is generated in a reply.

Evenshade

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by Pam at 2014-04-29 19:04:08 Run:2
Running from C:\Users\Pam\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [X]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [89640 2012-11-26] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [114728 2012-11-26] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [95712 2013-01-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114216 2012-11-26] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [94248 2012-11-26] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69160 2012-11-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [118312 2012-11-26] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306216 2012-11-26] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [116776 2012-11-26] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114216 2012-11-26] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [232488 2012-11-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-11-26] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [204328 2012-11-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)
U3 tmlwf;
U3 tmwfp;
S1 wpdkxtct; \??\C:\Windows\system32\drivers\wpdkxtct.sys [X]
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [X]
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [X]
C:\Windows\System32\DRIVERS\NNSAlpc.sys [89640 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSHttp.sys [114728 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSHttps.sys [95712 2013-01-09] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSIds.sys [114216 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSPicc.sys [94248 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSPihsw.sys [69160 2012-11-28] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSPop3.sys [118312 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSProt.sys [306216 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSPrv.sys [116776 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSSmtp.sys [114216 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSStrm.sys [232488 2012-11-28] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-11-26] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\psinknc.sys [204328 2012-11-09] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)
C:\Windows\system32\drivers\wpdkxtct.sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
2014-04-06 11:41 - 2014-04-27 20:29 - 00000000 ____D () C:\Users\Pam\Desktop\RK_Quarantine
2014-04-15 21:35 - 2014-04-15 21:35 - 00040278 _____ () C:\Users\Pam\Desktop\sfcdetails.txt
2014-04-15 21:35 - 2014-04-15 21:35 - 00040278 _____ () C:\Users\Pam\Desktop\sfcdetails.txt
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSUAMain => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
NanoServiceMain => Service deleted successfully.
PSUAService => Service deleted successfully.
NNSALPC => Service stopped successfully.
NNSALPC => Service deleted successfully.
NNSHTTP => Service stopped successfully.
NNSHTTP => Service deleted successfully.
NNSHTTPS => Service stopped successfully.
NNSHTTPS => Service deleted successfully.
NNSIDS => Service stopped successfully.
NNSIDS => Service deleted successfully.
NNSNAHSL => Service stopped successfully.
NNSNAHSL => Service deleted successfully.
NNSPICC => Service stopped successfully.
NNSPICC => Service deleted successfully.
NNSPIHSW => Service deleted successfully.
NNSPOP3 => Service stopped successfully.
NNSPOP3 => Service deleted successfully.
NNSPROT => Service stopped successfully.
NNSPROT => Service deleted successfully.
NNSPRV => Service stopped successfully.
NNSPRV => Service deleted successfully.
NNSSMTP => Service stopped successfully.
NNSSMTP => Service deleted successfully.
NNSSTRM => Service stopped successfully.
NNSSTRM => Service deleted successfully.
NNSTLSC => Service stopped successfully.
NNSTLSC => Service deleted successfully.
PSINAflt => Service stopped successfully.
PSINAflt => Service deleted successfully.
PSINFile => Service stopped successfully.
PSINFile => Service deleted successfully.
PSINKNC => Unable to stop service
PSINKNC => Service deleted successfully.
PSINProc => Service stopped successfully.
PSINProc => Service deleted successfully.
PSINProt => Service stopped successfully.
PSINProt => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
wpdkxtct => Service deleted successfully.
"C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [X]" => File/Directory not found.
"C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [X]" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSAlpc.sys [89640 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSHttp.sys [114728 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSHttps.sys [95712 2013-01-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSIds.sys [114216 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSPicc.sys [94248 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSPihsw.sys [69160 2012-11-28] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSPop3.sys [118312 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSProt.sys [306216 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSPrv.sys [116776 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSSmtp.sys [114216 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSStrm.sys [232488 2012-11-28] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\psinknc.sys [204328 2012-11-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\System32\DRIVERS\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\system32\drivers\wpdkxtct.sys" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
C:\Users\Pam\Desktop\RK_Quarantine => Moved successfully.
C:\Users\Pam\Desktop\sfcdetails.txt => Moved successfully.
"C:\Users\Pam\Desktop\sfcdetails.txt" => File/Directory not found.
"C:\Windows\system32\Drivers\etc\hosts" => File/Directory not found.

==== End of Fixlog ====
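A triage pass over a Fixlog like the one above, as an added example (not part of the original thread and not FRST's own code). It groups each `target => result` line by outcome and separates "not found" results whose quoted target still carries scan-log annotations such as `[X]` or `[size date] (vendor)`. The sample lines are copied from the log above; the function names and the annotation heuristic are assumptions, as is the reading that the quoted string was looked up literally.

```python
import re

# A subset of lines copied from the Fixlog above.
SAMPLE_FIXLOG = r'''
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSUAMain => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
NNSALPC => Service stopped successfully.
NNSALPC => Service deleted successfully.
PSINKNC => Unable to stop service
PSINKNC => Service deleted successfully.
"C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [X]" => File/Directory not found.
"C:\Windows\System32\DRIVERS\NNSAlpc.sys [89640 2012-11-26] (Panda Security, S.L.)" => File/Directory not found.
"C:\Windows\system32\drivers\wpdkxtct.sys" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
"C:\Windows\system32\Drivers\etc\hosts" => File/Directory not found.
'''

# Trailing scan-log annotation: " [X]" or " [<size> <yyyy-mm-dd>] (<vendor>)".
# Heuristic (assumption): anything from that bracket onward is not part of the path.
ANNOTATION = re.compile(r'\s+\[(?:X|\d+ \d{4}-\d{2}-\d{2})\].*$')


def parse_fixlog(text):
    """Yield (target, result) for every 'target => result' line."""
    for line in text.splitlines():
        target, sep, result = line.strip().partition(' => ')
        if sep:
            yield target.strip('"'), result.rstrip('.')


def classify(result):
    """Map the free-text result onto a coarse outcome."""
    low = result.lower()
    if low.startswith('unable'):
        return 'failed'
    if 'not found' in low:
        return 'not_found'
    if 'successfully' in low:
        return 'ok'
    return 'other'


def triage(text):
    """Summarise a Fixlog into the buckets a helper would review."""
    report = {'ok': 0, 'failed': [], 'recheck': [],
              'duplicate': [], 'not_found': [], 'other': []}
    handled = set()  # targets already acted on (Windows paths: case-insensitive)
    for target, result in parse_fixlog(text):
        kind = classify(result)
        key = target.lower()
        if kind == 'ok':
            report['ok'] += 1
            handled.add(key)
        elif kind == 'failed':
            report['failed'].append((target, result))
        elif kind == 'not_found':
            bare = ANNOTATION.sub('', target)
            if bare != target:
                # The lookup string included log annotations, so the result
                # says nothing certain about the bare path: verify it again.
                report['recheck'].append(bare)
            elif key in handled:
                # Same entry listed twice; the first pass already handled it.
                report['duplicate'].append(target)
            else:
                report['not_found'].append(target)
        else:
            report['other'].append((target, result))
    return report


if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_FIXLOG).items():
        print(bucket, items)
```

Entries in `recheck` are the ones a follow-up scan has to settle, since the Fixlog line alone does not show whether the bare path is gone.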

Evenshade

For the "Next" instructions..."Right click on the FRST icon found on the desktop and click Scan"

If I right click, the only scan options I get are the scan with either Malwarebytes or with Microsoft Security Essentials (at least that's what I think I'm seeing)  :)

Am I supposed to double click the FRST64 icon and then choose scan?
Help!  < ggg >    :blink:

DonnaB

When you right click, do you see Run as administrator at all? It should be 2nd in the list after Open.

If not, go ahead and double click the icon. That will be fine. I'm just so used to instructing everyone to right click on Vista and above.  :D
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Evenshade

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Pam (administrator) on PAM-PC on 29-04-2014 20:26:19
Running from C:\Users\Pam\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-11] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pam\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2197473533-1832051902-499653901-1001\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default
FF Homepage: hxxp://www.landzdown.com/analysis-and-malware-removal/|hxxp://www.aol.com/|https://www.facebook.com/|hxxp://classic.wunderground.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\ALone-live@ya.ru [2013-07-21]
FF Extension: ColorfulTabs - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-04-27]
FF Extension: WOT - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Adblock Plus - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-17]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-23] (ASUSTeK Computer Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 20:20 - 2014-04-29 06:22 - 00000000 ____D () C:\SMCLpav
2014-04-28 20:20 - 2014-04-28 20:20 - 00000000 _____ () C:\Autoexec.bat
2014-04-28 20:19 - 2014-04-28 20:19 - 00668144 _____ () C:\Users\Pam\Desktop\UNINSTALLER_07.exe
2014-04-27 21:36 - 2014-04-27 21:47 - 00001218 _____ () C:\Users\Pam\Desktop\Search.txt
2014-04-27 20:52 - 2014-04-27 20:53 - 00029476 _____ () C:\Users\Pam\Desktop\Addition.txt
2014-04-27 20:50 - 2014-04-29 20:26 - 00009235 _____ () C:\Users\Pam\Desktop\FRST.txt
2014-04-27 20:50 - 2014-04-27 20:50 - 02061824 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2014-04-19 19:39 - 2014-04-29 20:26 - 00000000 ____D () C:\FRST
2014-04-09 23:20 - 2014-04-09 23:21 - 00001108 _____ () C:\Users\Pam\Desktop\FSS.txt
2014-04-09 23:20 - 2014-04-09 23:20 - 00409600 _____ (Farbar) C:\Users\Pam\Desktop\FSS.exe
2014-04-08 21:50 - 2014-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2014-04-08 21:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 21:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 21:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 21:47 - 2014-04-08 21:49 - 00265752 _____ (Secure By Design Inc.) C:\Users\Pam\Desktop\Ninite Malwarebytes Installer.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 04201456 _____ (Krzysztof Kowalczyk) C:\Users\Pam\Downloads\SumatraPDF-2.4-install.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 00001931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\SumatraPDF
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2014-04-03 22:09 - 2014-04-15 21:37 - 00000000 ____D () C:\Users\Pam\AppData\Local\CrashDumps
2014-04-03 20:04 - 2014-04-03 20:04 - 00001279 _____ () C:\Windows\IE11_main.log
2014-04-03 10:46 - 2014-04-03 10:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-01 23:28 - 2014-04-01 23:28 - 00987448 _____ () C:\Users\Pam\Desktop\SecurityCheck.exe
2014-04-01 23:23 - 2014-04-01 23:23 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.scr
2014-04-01 23:11 - 2014-04-27 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-01 23:11 - 2014-04-01 23:11 - 00003054 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-04-01 23:10 - 2014-04-01 23:10 - 00000000 ____D () C:\ProgramData\P4G
2014-04-01 20:25 - 2014-04-01 20:26 - 01426178 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-04-01 20:24 - 2014-04-01 20:24 - 00930952 _____ (CNET Download.com) C:\Users\Pam\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-04-01 19:51 - 2014-04-01 19:51 - 00029696 _____ (Gibson Research Corp.) C:\Users\Pam\Downloads\DCOMbob.exe

==================== One Month Modified Files and Folders =======

2014-04-29 20:26 - 2014-04-27 20:50 - 00009235 _____ () C:\Users\Pam\Desktop\FRST.txt
2014-04-29 20:26 - 2014-04-19 19:39 - 00000000 ____D () C:\FRST
2014-04-29 20:02 - 2012-06-15 22:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 19:18 - 2012-06-15 21:47 - 01334350 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 17:39 - 2014-01-28 19:45 - 00000000 ____D () C:\Users\Pam\AppData\Local\Akamai
2014-04-29 15:50 - 2009-07-14 00:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 15:50 - 2009-07-14 00:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 15:43 - 2012-06-15 21:44 - 00095514 _____ () C:\Windows\setupact.log
2014-04-29 15:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 06:22 - 2014-04-28 20:20 - 00000000 ____D () C:\SMCLpav
2014-04-28 20:20 - 2014-04-28 20:20 - 00000000 _____ () C:\Autoexec.bat
2014-04-28 20:19 - 2014-04-28 20:19 - 00668144 _____ () C:\Users\Pam\Desktop\UNINSTALLER_07.exe
2014-04-28 20:02 - 2012-06-15 22:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 20:02 - 2012-06-15 22:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 20:02 - 2011-07-02 17:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 21:47 - 2014-04-27 21:36 - 00001218 _____ () C:\Users\Pam\Desktop\Search.txt
2014-04-27 20:53 - 2014-04-27 20:52 - 00029476 _____ () C:\Users\Pam\Desktop\Addition.txt
2014-04-27 20:50 - 2014-04-27 20:50 - 02061824 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2014-04-27 20:29 - 2014-04-08 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 20:29 - 2014-04-01 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-27 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-27 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-27 16:30 - 2010-02-11 05:10 - 00000000 ____D () C:\Users\Pam
2014-04-15 21:37 - 2014-04-03 22:09 - 00000000 ____D () C:\Users\Pam\AppData\Local\CrashDumps
2014-04-09 23:21 - 2014-04-09 23:20 - 00001108 _____ () C:\Users\Pam\Desktop\FSS.txt
2014-04-09 23:20 - 2014-04-09 23:20 - 00409600 _____ (Farbar) C:\Users\Pam\Desktop\FSS.exe
2014-04-09 16:51 - 2012-06-15 22:54 - 00017670 _____ () C:\Windows\PFRO.log
2014-04-08 21:50 - 2014-04-08 21:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 21:50 - 2014-04-08 21:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 21:50 - 2010-02-11 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 21:49 - 2014-04-08 21:47 - 00265752 _____ (Secure By Design Inc.) C:\Users\Pam\Desktop\Ninite Malwarebytes Installer.exe
2014-04-08 21:38 - 2014-01-28 15:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-08 21:38 - 2014-01-28 15:13 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-08 21:37 - 2014-01-28 15:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-08 21:37 - 2014-01-28 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-08 21:37 - 2013-08-25 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 21:30 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 21:23 - 2014-04-08 21:23 - 04201456 _____ (Krzysztof Kowalczyk) C:\Users\Pam\Downloads\SumatraPDF-2.4-install.exe
2014-04-08 21:23 - 2014-04-08 21:23 - 00001931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\SumatraPDF
2014-04-08 21:23 - 2014-04-08 21:23 - 00000000 ____D () C:\Program Files (x86)\SumatraPDF
2014-04-08 21:15 - 2009-10-19 09:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-08 21:15 - 2009-10-19 09:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-03 20:04 - 2014-04-03 20:04 - 00001279 _____ () C:\Windows\IE11_main.log
2014-04-03 10:46 - 2014-04-03 10:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 09:51 - 2014-04-08 21:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 21:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 21:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 00:20 - 2009-07-14 01:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 23:28 - 2014-04-01 23:28 - 00987448 _____ () C:\Users\Pam\Desktop\SecurityCheck.exe
2014-04-01 23:23 - 2014-04-01 23:23 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.scr
2014-04-01 23:11 - 2014-04-01 23:11 - 00003054 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-04-01 23:10 - 2014-04-01 23:10 - 00000000 ____D () C:\ProgramData\P4G
2014-04-01 23:10 - 2009-10-19 09:17 - 00000000 ____D () C:\Program Files\ASUS
2014-04-01 23:01 - 2009-10-19 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-04-01 22:58 - 2012-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-01 22:57 - 2012-06-15 22:10 - 00000000 ____D () C:\Users\Pam\AppData\Local\Google
2014-04-01 20:36 - 2013-02-19 05:14 - 00003098 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-04-01 20:26 - 2014-04-01 20:25 - 01426178 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-04-01 20:24 - 2014-04-01 20:24 - 00930952 _____ (CNET Download.com) C:\Users\Pam\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-04-01 20:21 - 2012-12-15 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-04-01 19:51 - 2014-04-01 19:51 - 00029696 _____ (Gibson Research Corp.) C:\Users\Pam\Downloads\DCOMbob.exe
2014-03-31 03:51 - 2010-02-12 17:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Pam\AppData\Local\Temp\atl80.dll
C:\Users\Pam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdnfbf.dll
C:\Users\Pam\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Pam\AppData\Local\Temp\mfc80.dll
C:\Users\Pam\AppData\Local\Temp\mfc80u.dll
C:\Users\Pam\AppData\Local\Temp\mfcm80.dll
C:\Users\Pam\AppData\Local\Temp\mfcm80u.dll
C:\Users\Pam\AppData\Local\Temp\msvcm80.dll
C:\Users\Pam\AppData\Local\Temp\msvcp80.dll
C:\Users\Pam\AppData\Local\Temp\msvcr80.dll
C:\Users\Pam\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pam\AppData\Local\Temp\secuniasi7261320651922947294.dll
C:\Users\Pam\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Pam\AppData\Local\Temp\sqlite3.dll
C:\Users\Pam\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Pam\AppData\Local\Temp\TmDbg32.dll
C:\Users\Pam\AppData\Local\Temp\TmDbg64.dll
C:\Users\Pam\AppData\Local\Temp\vsinit.dll
C:\Users\Pam\AppData\Local\Temp\VSUSetup.exe
C:\Users\Pam\AppData\Local\Temp\vsutil.dll
C:\Users\Pam\AppData\Local\Temp\zauninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-13 19:47

==================== End Of Log ============================

DonnaB

Oh, now that looks really good!

Before we move along here, I still want to verify that the rpcss.dll file is good. That file alone was the root to the evil that invaded the system.

Here is what I'd like for you to do:

Go to Start > Computer, click on Local Disk C: > Windows > System32, scroll down and search for rpcss.dll. Do you see it? Right click on the file and choose Copy. Now, go to the desktop, right click and choose Paste. A copy of the file should now be located on the desktop.

Now we can go to Virus Total and upload it from the desktop to be analyzed.

Click here > Virus Total, to submit the file by following these instructions below:

  • Click on Choose File to open the File Upload window on your computer.
  • In the left side panel, scroll down and click on Desktop
  • Search for the file on the desktop and once the file is found, click on it, then click Open. This will place the file in the Search Engine at Virus Total.
  • Click on Scan it!.
  • If you receive File already analysed, click the reanalyse button.
  • When the analysis has completed, click on View last analysis at the bottom of the page.
  • Copy and paste the url from that page into your next post for me to access.


DonnaB

Quote: You give VERY good instructions!  :)
How nice of you to say that. Thank you! I try to simplify instructions as much as possible. I think it instills more confidence in the person receiving the instructions. I know how frustrating it is to be the victim. (Been there, done that, got the T-shirt to prove it.)  :tongue:

Now that we know for sure that the file is legit, let's do another MBAM and ESET scan since we did have to restore the laptop back to 4-13-14. Then we can start to move ahead where we left off.

Malwarebytes is already installed. Right click on the icon, make sure to update the program and choose quick scan. Please post the log it generates once it completes.

Next:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on:

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    (Selecting Uninstall application on close if you so wish)

winchester73


Evenshade ... off topic ... I hope you didn't endure the storms yesterday that folks not too far to your west did.  I was awakened this morning at 5 am by a tornado warning  :(

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Evenshade

Hi Winchester,
I am fine, but I wish I could say the same for others in my area.  We have had some tough weather the past several days/nights.  The death of an 11 month old from the tornado last Friday and a lot of property damage in this area.  Thank heaven no other injuries, though.  Thanks for asking!

Evenshade

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/29/2014
Scan Time: 10:40:52 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Pam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 257480
Time Elapsed: 19 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

This is sure a short scan result!  < s >

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

zep516

Is there an ESET Log here maybe, something does not look right.

C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt

See if you can find it, Donna's at Walmart again :)

Joe
You're only as safe as your last update.