Page 3 of 4
Results 21 to 30 of 37
  1. #21
    Member | Join Date: Feb 2015 | Posts: 32 | Points: 0

    And the ESET log:
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=0ba7718832d9f04ba043236acd70488e
    # engine=22539
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2015-02-19 04:56:16
    # local_time=2015-02-18 11:56:16 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='Microsoft Security Essentials'
    # compatibility_mode=5895 16777213 100 100 539093 118394986 0 0
    # scanned=997272
    # found=56
    # cleaned=0
    # scan_time=22587
    sh=6E31A6D60056AE0AA43DC0EF2501E0A83FF0C782 ft=1 fh=ec910ffbdbda110c vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
    sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir"
    sh=B0B26548D636CFADD954E4B3DFD30E8F2D61D487 ft=1 fh=5129ed505060d1fb vn="Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\NativeMessaging\CT3220468\1_0_0_4\TBMessagingHost.exe.vir"
    sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\NativeMessaging\CT3220468\1_0_0_6\TBMessagingHost.exe.vir"
    sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\NativeMessaging\CT3220468\1_0_0_7\TBMessagingHost.exe.vir"
    sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
    sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
    sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Program Files (x86)\SuperOneClickv2.3.1-ShortFuse\Exploits\psneuter"
    sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Program Files (x86)\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"
    sh=C8727F5012BF7C92EBE7971F65CC6001C6D82480 ft=1 fh=2888fda2cd8ab444 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Linda\Desktop\Downloads\CuteWriter.exe"
    sh=4CFD34D1C0963B226F17D799C6EF9A1957F957EA ft=1 fh=e04b377225a26b03 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Linda\Desktop\Downloads\MediaCoder-PMP-0.6.2.4275.exe"
    sh=CAC10E5287D26A0612A17C474280E23EBB7F1F10 ft=0 fh=0000000000000000 vn="Android/DroidRooter.B potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2012 SD card backup\download\GingerBreak-v1.20.apk"
    sh=8B4781FD83670521AE58C803E7CC7742C63344E8 ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2012 SD card backup\TitaniumBackup\com.rovio.angrybirdsrio-b9a2a5eef39ab02cf19ee494b5b5d9b7.apk.gz"
    sh=1487E43699FDAAE1CB6BB532D1F9E915E8A12F3C ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2012 SD card backup\TitaniumBackup\com.rovio.angrybirdsseasons-bfc621c28fc332db4d2fb3e22e513981.apk.gz"
    sh=CAC10E5287D26A0612A17C474280E23EBB7F1F10 ft=0 fh=0000000000000000 vn="Android/DroidRooter.B potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2013 March 8 Lindas SD Card Backup\download\GingerBreak-v1.20.apk"
    sh=8B4781FD83670521AE58C803E7CC7742C63344E8 ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2013 March 8 Lindas SD Card Backup\TitaniumBackup\com.rovio.angrybirdsrio-b9a2a5eef39ab02cf19ee494b5b5d9b7.apk.gz"
    sh=1487E43699FDAAE1CB6BB532D1F9E915E8A12F3C ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Linda\Documents\2013 March 8 Lindas SD Card Backup\TitaniumBackup\com.rovio.angrybirdsseasons-bfc621c28fc332db4d2fb3e22e513981.apk.gz"
    sh=0EEF7A4A89B1FF904D4F18F5C0A4B7C83C2F930C ft=1 fh=bdc70ffcbee8df02 vn="Win32/Adware.RegistryQuick application" ac=I fn="C:\Users\Linda\Documents\Downloads\RegistryQuick_setup.exe"
    sh=30EBF2132FB3AD4DD4C6B547EFAA3843DAD54B80 ft=0 fh=0000000000000000 vn="PHP/WebShell.NCA trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Joomladyshop\Tools_hacked.php"
    sh=4D0AE6FAAE6CA3014494446FEE6E3A481A422513 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Money\the_money_store_as_catalog\admin\includes\application_top.php"
    sh=0B82A13C45B8AEA95D33B698209A4F345966ABD5 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Money\the_money_store_as_catalog\includes\application_top.php"
    sh=597E73134C2396D3E5598ADC5799F200AD19A7E2 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Money\the_money_store_as_catalog\includes\header.php"
    sh=D4CEC7EF80DA6AF5BA8574D29ED7DBEEFE4233D0 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Money\the_money_store_as_catalog\includes\languages\english\cookie_usage.php"
    sh=AC6F5B93A38396B9B356E90CFBF4DFBBB59F4D34 ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\webadmin.php"
    sh=1F78A2ECA9D15112177570BF1543443EC318B36E ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\backups\web.20060318.zip"
    sh=E47BC218844840E2294E86E503F7B609D8A48979 ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\backups\web.20060324.zip"
    sh=890C4C6443D80DAA003CA70134C0D7877B9BCBB4 ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\backups\web.20060408.zip"
    sh=2882C71FC8BA553CD7CA1D037A01C8F5DC5D7F07 ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\backups\web.20060324\auction\webadmin.php"
    sh=2882C71FC8BA553CD7CA1D037A01C8F5DC5D7F07 ft=0 fh=0000000000000000 vn="PHP/Agent.NCC trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\backups\web.20060408\auction\webadmin.php"
    sh=A44C350753212A9862976D5CA0CEBC53575DD5FD ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\gbook135\gbook.php"
    sh=2ACF7F0755D311D5C4823CF91DADE8FCCEC5A738 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\Odds and ins online osc store\gbook.php"
    sh=C6E1AB3B82174C21F468261CA07D5F009F035E18 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Odds&Ins\Odds and ins online osc store\gbook\gbook.php"
    sh=DE42234070EAF6C4EAEAD7B7CC3B34AFF72A14A2 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Quilters Woodwork\Current site\includes\languages\english\cookie_usage.php"
    sh=9FAF1EDDFD1EFAEE2A9D50B67C05FB96AF68B776 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E potentially unwanted application" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Quilters Woodwork\Hacked2014\includes\application_bottom.php"
    sh=6196EC7A887EC4A111B7E6A8E37677F9769AD912 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Linda\Documents\My_Web_Sites\Quilters Woodwork\Hacked2014\includes\languages\english\cookie_usage.php"
    sh=9992285EEC8C499EFBFF3BF92EE9C23CEE57CFEE ft=1 fh=25bde5d51bb05400 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\advanced-systemcare-setup(1).exe"
    sh=9992285EEC8C499EFBFF3BF92EE9C23CEE57CFEE ft=1 fh=25bde5d51bb05400 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\advanced-systemcare-setup.exe"
    sh=46E60A6A816F50EFBA625236F88B8DF1C5E7208E ft=1 fh=7fa8ed44d13e9b97 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\ashampoo_burning_studio_2012_10.0.15_12284.exe"
    sh=D496E2522096908A6E7BF3F1CEA5C7AAFCF0D22D ft=1 fh=7ba62014470dc3f2 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\ashampoo_photo_commander_9_9.4.3_12294.exe"
    sh=753C1C1DE3123985637F433DE89B4373096B9FD8 ft=1 fh=3684f9451a728434 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\ashampoo_winoptimizer_2012_8.1.4_12323.exe"
    sh=4B9606B7AE1AFAB6228D96C5D9A9247B29056DFD ft=1 fh=fc5f1f6664d88bb2 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\Avery Wizard 4.0.0.exe"
    sh=47BD9CDB767DA544BA171051BB73892FE2DB863F ft=1 fh=538dead66d099a83 vn="multiple threats" ac=I fn="C:\Users\Linda\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe"
    sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\cbsidlm-cbsi183-Kindle_for_PC-ORG-75185974.exe"
    sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\ccsetup324.exe"
    sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\ccsetup501.exe"
    sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\ccsetup502.exe"
    sh=6F35616E4D0FD10568A4D312B60E4D8F88ADC3A4 ft=1 fh=01f90646dadebf2b vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\CuteWriter.exe"
    sh=1A1DFA61BE101943CB461FCACBB53B08BE1AFCF2 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\CuteWriter.zip"
    sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\DPSetup.exe"
    sh=4E62D0A7F7F31265B4A199067392BD9323BF1A23 ft=1 fh=367923a6eaaa99bf vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\FreeVideoFlipAndRotate.exe"
    sh=CAC10E5287D26A0612A17C474280E23EBB7F1F10 ft=0 fh=0000000000000000 vn="Android/DroidRooter.B potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\GingerBreak-v1.20.apk"
    sh=016E229D24A1270FF62DFE57D491267AFBC67EA1 ft=1 fh=b48811c120bcafa1 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\musicnotesSuite.exe"
    sh=0BF6577AABD8503AE34E7C155DB0642A6FF0D8AF ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\Users\Linda\Downloads\PhotoCommander_8.zip"
    sh=3661383B652D80B662CDE4829A22A3FD7F803888 ft=1 fh=9461aa84922f14a9 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Linda\Downloads\PIP_AVR80_.exe"
    sh=0A26194258C4C8A86A3AD60901DA10174E097E09 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Linda\Downloads\SuperOneClickv2.3.1-ShortFuse.zip"
    sh=02B63400D5BC82093A821BA6B1FABC529FAD9FB9 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Linda\Downloads\SuperOneClickv2.3.3-ShortFuse.zip"

    Thanks!
    Linda

  2. #22
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,175 | Points: 1308

    Hello,

    Most of those are false positives. The bad stuff is already quarantined by AdwCleaner. That's why we ask to not remove found threats.

    Moving along;


    Please move Hijackthis to the desktop, it's currently in your downloads folder--> C:\Users\Linda\Downloads\HijackThis.exe. I want it to be here:
    C:\Users\Linda\Desktop\HijackThis.exe

    To do that:
    Navigate to your downloads folder, find Hijackthis, right click on it, choose cut.

    Then
    On the desktop find an empty space, right click and paste.

    Hijackthis will now have been moved to the desktop.

    We will use Hijackthis to stop so many unnecessary start up programs you have running. You must have a ton of icons in the task bar, each Icon represents a program running using up resources unnecessarily.

    Once Hijackthis is moved to the desktop;


    Right click on Hijackthis and choose "Run as administrator"
    This time do a system scan only.
    Place a check mark in the following entries:

    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1424049257
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Monitor Ink Alerts - .lnk = ?
    O4 - Startup: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk = ?
    O4 - Global Startup: PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe


    • Click fix checked
    • Close Hijackthis
    • Reboot the computer
    • Post a new hijackthis log


    Thanks
    Joe
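
The triage in post #22 (copies already sitting in the AdwCleaner quarantine versus files still on disk, plus the detection class) can be read straight out of the scanner log. The following is an added example, not part of the original thread and not ESET's own tooling; it assumes `sh` is the file's SHA-1, `vn` the detection name and `fn` the path, and it runs on a constructed sample.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the log posted above. Hashes and paths
# are placeholders; the detection names are ones that appear in the thread.
SAMPLE_LOG = r'''
# product=EOS
# found=5
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sample\Installer.exe.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Android/DroidRooter.B potentially unsafe application" ac=I fn="C:\Users\Sample\Documents\SD backup\tool.apk"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Android/DroidRooter.B potentially unsafe application" ac=I fn="C:\Users\Sample\Downloads\tool.apk"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBV trojan" ac=I fn="C:\Users\Sample\Documents\Sites\shop\includes\header.php"
sh=4444444444444444444444444444444444444444 ft=1 fh=0000000000000002 vn="multiple threats" ac=I fn="C:\Users\Sample\Downloads\setup.exe"
'''

# key=value pairs; values are either double-quoted or a single token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Class labels that end a detection name, most specific first.
CLASS_SUFFIXES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "trojan",
    "application",
)
QUARANTINE_MARKER = "\\adwcleaner\\quarantine\\"


def parse_log(text):
    """Split the log into header settings ('# key=value') and detection rows."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif line.startswith("sh="):
            detections.append({
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in FIELD_RE.finditer(line)
            })
    return header, detections


def split_name(vn):
    """Return (family, class) from a detection name such as the vn field."""
    name = vn[len("a variant of "):] if vn.startswith("a variant of ") else vn
    for suffix in CLASS_SUFFIXES:
        if name.endswith(" " + suffix):
            return name[: -len(suffix) - 1], suffix
    return name, "unclassified"


def triage(text):
    """Group detections by SHA-1 and mark which are only quarantined copies."""
    header, detections = parse_log(text)
    by_hash = defaultdict(list)
    for det in detections:
        by_hash[det["sh"]].append(det["fn"])
    first_name = {}
    for det in detections:
        first_name.setdefault(det["sh"], det["vn"])
    rows = []
    for sha1, paths in by_hash.items():
        family, cls = split_name(first_name[sha1])
        in_quarantine = [p for p in paths if QUARANTINE_MARKER in p.lower()]
        rows.append({
            "sha1": sha1,
            "family": family,
            "class": cls,
            "platform": family.split("/")[0] if "/" in family else "unknown",
            "copies": len(paths),
            # Only "quarantined" when every copy is an inert quarantine file.
            "state": "quarantined" if len(in_quarantine) == len(paths) else "on disk",
            "paths": paths,
        })
    return {
        # A mismatch with the header count means the pasted log is truncated.
        "complete": int(header.get("found", -1)) == len(detections),
        "cleaned": int(header.get("cleaned", 0)),
        "by_class": Counter(r["class"] for r in rows),
        "rows": rows,
    }


def review_queue(result):
    """Files still on disk, with trojan-class detections listed first."""
    on_disk = [r for r in result["rows"] if r["state"] == "on disk"]
    return sorted(on_disk, key=lambda r: r["class"] != "trojan")


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("log complete:", result["complete"], "| cleaned:", result["cleaned"])
    for row in review_queue(result):
        print(row["class"], row["family"], row["copies"], row["paths"][0])
```
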

  3. #23
    Member | Join Date: Feb 2015 | Posts: 32 | Points: 0

    Hi Joe,

    The following 3 items were not in the HijackThis log
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Monitor Ink Alerts - .lnk = ?

    Here's the latest HijackThis log from after fixing the suggested items - that I could find and then rebooting
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:55:41 PM, on 2/19/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17631)

    FIREFOX: 24.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\UnHackMe\hackmon.exe
    C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoCare.exe
    C:\Users\Linda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
    C:\Users\Linda\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\x86\NXIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\x86\NXToolBar.dll
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
    O4 - HKCU\..\Run: [WeatherEye] C:\Users\Linda\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    O4 - HKCU\..\Run: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN236345VZ05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 13049 bytes

  4. #24
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,175 | Points: 1308

    Hello,


    Open FRST on the desktop, right click it, Run as administrator and;



    In the search box:

    Type: Google Chrome

    Then hit Search registry

    Wait for the search .txt log to finish; it could take a few mins. That log should open in front of you after the search has finished, or it will save to the desktop.

    Post the search.txt

  5. #25
    Member | Join Date: Feb 2015 | Posts: 32 | Points: 0

    OK - thanks Joe - I just ran the Search Registry with the FRST64 tool
    Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
    Ran by Linda at 2015-02-19 22:15:52
    Running from C:\Users\Linda\Desktop
    Boot Mode: Normal

    ================== Search Registry: "Google Chrome" ===========


    ====== End Of Search ======

  6. #26
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,175 | Points: 1308

    So nothing was found? Revo must have got rid of it all, I noticed you had run that.

    Time to check system files,

    System File Checker,
    System File Checker merely makes sure that all system files are where they should be. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
    Open an Elevated Command Prompt window. To do so, click Start, then type cmd in the Start Search box. In the results area, right-click cmd.exe, and then click Run as administrator. You will be prompted to type the password for an administrator account. Click Continue if you are the administrator or type the administrator password. Then, click Continue.

    At the command prompt, type the following command, sfc /scannow and then press ENTER.

    If system file checker finds an error please reboot and run it again.

    Let me know how it goes

  7. #27
    Member | Join Date: Feb 2015 | Posts: 32 | Points: 0

    Thanks Joe,

    I'm done for the night - didn't find anything...
    C:\Windows\system32>sfc /scannow

    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    Thanks,
    Linda

  8. #28
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,175 | Points: 1308

    You're welcome, some questions for you.

    Looks like everything is cleaned up and we have a normal looking machine.

    The reason you uninstalled Chrome was a video problem, and you uninstalled it using revo uninstaller correct ?

    Can you explain to me what happens when you download Chrome and try to install it ?

    Is there anything else not working on the machine ?

    How long has advanced system care been installed ?

    Have you used a registry cleaner at all ?

    Thanks
    Joe

  9. #29
    Member | Join Date: Feb 2015 | Posts: 32 | Points: 0

    Hi Joe,

    Sorry - nothing has changed - Opera still is not responding on a regular basis and I get the same error from Google Chrome - Error 1 - and you've tried so hard to help!!! Do I have to reinstall Windows? could be tricky... sigh...

    Thanks,
    Linda

  10. #30
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,175 | Points: 1308

    Hello,
    Error 1, that's odd because it relates to an update error, not an install error that I know of.


    When you get a chance;

    Boot the computer to safemode with networking

    To do that:

    Restart your computer; during restart keep tapping the F8 key. Windows will boot into the Advanced Boot Options menu (black screen with white letters). From the list, using the arrow keys, select Safe Mode with Networking, then hit Enter on the keyboard. Let Windows boot into the mode; things will look different.

    Then

    See if chrome will install from this link only-->Chrome

    Joe
