Topic: WIN32:Enistery found - slowing down my PC in all applications ? HELP NEEDED !!


REDACTED

  • Guest
Hello...my PC has started to act VERY STRANGE and lethargic and it is quite an endeavor to just get it to go to any websites.  I ran your AVAST DETECTION SCAN and the results said I had ONE VIRUS, namely:  Win32:Enistery - but it did NOT tell me if it was quarantined, if it was removed or where it is and how do I get RID OF IT on my PC.  I cleaned my cache and ran CCleaner and rebooted, but STILL it seems that in the "address bar" there seems to be a lot of letters and symbols after I add the website address and it seems to be taking almost a MINUTE to go to any site !!  Please help me with this problem and tell me what I can do to eradicate any and all malware that has invaded my PC !!  yosoy4ever   Thursday  January 8, 2015 at 12:12 pm est

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

REDACTED

  • Guest
My Norton Internet Security WILL NOT LET ME DOWNLOAD this Farbar link - I keep getting a pop up telling me that it is a THREAT...what do I do now ?  thanks,  Sue

Offline essexboy

Temporarily disable Norton, the programme is safe

REDACTED

  • Guest
HERE ARE THE TWO LOGS below as attachments, as they were both TOO LARGE to just copy and paste per your system - THE FIRST ONE I FORGOT TO CHECK OFF "ADDITIONS" AND THE SECOND ONE i DID...thanks,  Sue

Offline essexboy

Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4200233565-3368421019-1326646657-1002] => http=127.0.0.1:49161;https=127.0.0.1:49161
URLSearchHook: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 - Default Value = {4219427b-0228-4356-a78b-eb7668d37d07}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL =
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Task: {03B0614E-92A6-4907-910C-ECD3E7B0163D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {1DD5498E-C788-48F4-90C7-DF5F207EA9E7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9C2E09D8-F0ED-4526-BA6E-F989236B92F2} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
C:\Users\DELL\DOSXPRES.EXE
C:\Users\DELL\EXPRESS.EXE
C:\Users\DELL\PRIMOSDK.DLL
C:\Users\DELL\PX.DLL
C:\Users\DELL\PXCPYA64.EXE
C:\Users\DELL\PXCPYI64.EXE
C:\Users\DELL\PXDRV.DLL
C:\Users\DELL\PXHPINST.EXE
C:\Users\DELL\PXINSA64.EXE
C:\Users\DELL\PXINSI64.EXE
C:\Users\DELL\PXMAS.DLL
C:\Users\DELL\PXSETUP.EXE
C:\Users\DELL\PXWAVE.DLL
C:\Users\DELL\P_ESCG.DAT
C:\Users\DELL\SYSINFO.DAT
C:\Users\DELL\USBS3KB.REG
C:\Users\DELL\VBRUN300.DLL
C:\Users\DELL\VXBLOCK.DLL
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
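
The fixlist above removes a per-user WinINet proxy pointing at the loopback address, Internet Explorer policy keys, scheduled-task entries whose task files are gone, alternate data streams on a Start Menu shortcut, and pending BITS jobs. The PowerShell below is an added example, not code from the thread or from Farbar/FRST: read-only checks for each of those kinds of entries, so the state of a machine can be inspected before a fix and verified after one without re-running the tool. It assumes PowerShell 3.0 or later running elevated as the affected user (HKCU is then the same hive FRST addressed by SID above); the function names are the example's own.

```powershell
# Added example, not code from the thread or from FRST. Read-only checks
# for the kinds of findings the fixlist targets; nothing here deletes.
# Assumes PowerShell 3.0+ in an elevated session on the affected machine.

function Get-WinInetProxy {
    # Per-user WinINet proxy. Traffic-"filtering" adware sets a loopback
    # proxy here; FRST reported http=127.0.0.1:49161 for this user, which
    # explains both the slow page loads and the garbage in the address bar.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        LoopbackProxy = [bool]($p.ProxyServer -match '127\.0\.0\.1|localhost')
    }
}

function Get-IEPolicyKey {
    # Policies\Microsoft\Internet Explorer is normal on a domain-managed PC;
    # on a home PC it is usually adware locking the browser configuration.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Policies\Microsoft\Internet Explorer"
        if (Test-Path -Path $key) {
            (@(Get-Item -Path $key) + @(Get-ChildItem -Path $key -Recurse)) |
                ForEach-Object {
                    [pscustomobject]@{
                        Key    = $_.Name
                        Values = ($_.GetValueNames() -join ', ')
                    }
                }
        }
    }
}

function Get-OrphanedScheduledTask {
    # FRST's "No Task File" means the TaskCache registry tree names a task
    # whose XML under System32\Tasks is missing. Compare the two directly.
    $tree     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
    $taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
    Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        # Only task entries carry an Id value; folder entries in the tree do not.
        $id = (Get-ItemProperty -Path $_.PSPath -Name Id -ErrorAction SilentlyContinue).Id
        if ($id) {
            $relative = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
            $file     = Join-Path $taskRoot $relative
            if (-not (Test-Path -LiteralPath $file)) {
                [pscustomobject]@{ Task = $relative; Id = $id; MissingFile = $file }
            }
        }
    }
}

function Get-AlternateDataStream {
    param([Parameter(Mandatory)][string]$Path)
    # Every NTFS stream on the file except the main ':$DATA' stream.
    # The Yahoo!.website shortcut in the fixlist carried three such streams.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

function Get-PendingBitsJob {
    # BITS jobs survive reboots and are a common download channel for adware
    # updaters; 'bitsadmin /reset /allusers' in the fixlist cancels them all.
    Import-Module BitsTransfer -ErrorAction SilentlyContinue
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
        Select-Object JobId, DisplayName, JobState, OwnerAccount,
            @{ Name = 'RemoteFiles'; Expression = { ($_.FileList | ForEach-Object RemoteName) -join '; ' } }
}

# Usage; the .website path is the one named in the fixlist above.
Get-WinInetProxy
Get-IEPolicyKey
Get-OrphanedScheduledTask
Get-AlternateDataStream -Path "$env:APPDATA\Microsoft\Windows\Start Menu\Yahoo!.website"
Get-PendingBitsJob
```

Run it once before applying a fix and once after: an empty result from every function except the proxy check (which should report `LoopbackProxy` as `False` and no `ProxyServer` on a home PC that uses no proxy) is the confirmation that the entries are gone. A policy key or loopback proxy that comes back after the reboot points at something still running that re-creates it.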

REDACTED

  • Guest
I was UNABLE to save where avastui.exe is located - what do I do now to be allowed to save it ?  avastui.exe is located in:  computer/os(c:)/program files/AVAST Software/AVAST - BUT IT DOES NOT LET ME SAVE THIS NEW fixlist.txt there ?  let me know,  thanks, Sue

Offline essexboy

You need to save the fixlist in the same location as FRST as it has nothing to do with Avast :)

REDACTED

  • Guest
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by NewDesktop_3_2010 at 2015-01-09 12:10:49 Run:2
Running from C:\Users\NewDesktop_3_2010\Downloads
Loaded Profile: NewDesktop_3_2010 (Available profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4200233565-3368421019-1326646657-1002] => http=127.0.0.1:49161;https=127.0.0.1:49161
URLSearchHook: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 - Default Value = {4219427b-0228-4356-a78b-eb7668d37d07}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL =
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Task: {03B0614E-92A6-4907-910C-ECD3E7B0163D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {1DD5498E-C788-48F4-90C7-DF5F207EA9E7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9C2E09D8-F0ED-4526-BA6E-F989236B92F2} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
C:\Users\DELL\DOSXPRES.EXE
C:\Users\DELL\EXPRESS.EXE
C:\Users\DELL\PRIMOSDK.DLL
C:\Users\DELL\PX.DLL
C:\Users\DELL\PXCPYA64.EXE
C:\Users\DELL\PXCPYI64.EXE
C:\Users\DELL\PXDRV.DLL
C:\Users\DELL\PXHPINST.EXE
C:\Users\DELL\PXINSA64.EXE
C:\Users\DELL\PXINSI64.EXE
C:\Users\DELL\PXMAS.DLL
C:\Users\DELL\PXSETUP.EXE
C:\Users\DELL\PXWAVE.DLL
C:\Users\DELL\P_ESCG.DAT
C:\Users\DELL\SYSINFO.DAT
C:\Users\DELL\USBS3KB.REG
C:\Users\DELL\VBRUN300.DLL
C:\Users\DELL\VXBLOCK.DLL
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B6DF038-D9DD-484B-B484-F20DAD050321}" => Key deleted successfully.
HKCR\CLSID\{5B6DF038-D9DD-484B-B484-F20DAD050321} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03B0614E-92A6-4907-910C-ECD3E7B0163D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03B0614E-92A6-4907-910C-ECD3E7B0163D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DD5498E-C788-48F4-90C7-DF5F207EA9E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DD5498E-C788-48F4-90C7-DF5F207EA9E7}" => Key deleted successfully.
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C2E09D8-F0ED-4526-BA6E-F989236B92F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2E09D8-F0ED-4526-BA6E-F989236B92F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => Key deleted successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_0favicon-2079221766" ADS removed successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_1favicon1313128964" ADS removed successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_2favicon-2092717923" ADS removed successfully.
C:\Users\DELL\DOSXPRES.EXE => Moved successfully.
C:\Users\DELL\EXPRESS.EXE => Moved successfully.
C:\Users\DELL\PRIMOSDK.DLL => Moved successfully.
C:\Users\DELL\PX.DLL => Moved successfully.
C:\Users\DELL\PXCPYA64.EXE => Moved successfully.
C:\Users\DELL\PXCPYI64.EXE => Moved successfully.
C:\Users\DELL\PXDRV.DLL => Moved successfully.
C:\Users\DELL\PXHPINST.EXE => Moved successfully.
C:\Users\DELL\PXINSA64.EXE => Moved successfully.
C:\Users\DELL\PXINSI64.EXE => Moved successfully.
C:\Users\DELL\PXMAS.DLL => Moved successfully.
C:\Users\DELL\PXSETUP.EXE => Moved successfully.
C:\Users\DELL\PXWAVE.DLL => Moved successfully.
C:\Users\DELL\P_ESCG.DAT => Moved successfully.
C:\Users\DELL\SYSINFO.DAT => Moved successfully.
C:\Users\DELL\USBS3KB.REG => Moved successfully.
C:\Users\DELL\VBRUN300.DLL => Moved successfully.
C:\Users\DELL\VXBLOCK.DLL => Moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{AC3D27A7-0AAD-4CA0-801B-3CD99BAFB86A} canceled.
{DE285BA8-0BD5-41BE-B6A7-7F48C4F05219} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 160.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:11:42 ====

# AdwCleaner v4.107 - Report created 09/01/2015 at 12:35:05
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NewDesktop_3_2010 - NEWDESKTOP_3_10
# Running from : C:\Users\NewDesktop_3_2010\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\TidyNetwork
Folder Found : C:\ProgramData\FileCure
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [1286 octets] - [18/02/2014 08:56:46]
AdwCleaner[R1].txt - [3421 octets] - [09/01/2015 12:35:05]
AdwCleaner[S0].txt - [1362 octets] - [18/02/2014 10:00:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3541 octets] ##########
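
The Fixlog above records one result line per fixlist entry, and the single line that matters most (`Error: (0) Failed to create a restore point.`, meaning the fix ran with no rollback point) is easy to miss among the successes. As an added example, not part of the post or of FRST, the PowerShell below parses those result lines into objects and summarises them; the function names are the example's own, and the sample input at the bottom is constructed from lines of the Fixlog above.

```powershell
# Added example, not from the thread or from FRST: turn the result lines of
# an FRST Fixlog into objects and summarise them. Function names are the
# example's own; the sample input is constructed from lines of the Fixlog.

function ConvertFrom-FrstFixlog {
    param([Parameter(Mandatory)][string[]]$Lines)
    # A Fixlog echoes the fixlist first; results start after the second
    # '*****************' banner, so skip everything up to the last one.
    $idx = [array]::LastIndexOf($Lines, '*****************')
    if ($idx -ge 0 -and $idx -lt $Lines.Count - 1) {
        $Lines = $Lines[($idx + 1)..($Lines.Count - 1)]
    }
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^Error: \((\d+)\) (.+?)\.?$') {
            # e.g. 'Error: (0) Failed to create a restore point.'
            [pscustomobject]@{ Status = 'Error'; Target = ''; Result = $Matches[2]; Code = $Matches[1] }
        }
        elseif ($line -match '^"?(?<target>.+?)"? => (?<result>.+?)\.?$') {
            # Read the captures before the switch below, which overwrites $Matches.
            $target = $Matches['target']
            $result = $Matches['result']
            $status = switch -Regex ($result) {
                'successfully|^Removed ' { 'Done'; break }        # deleted, moved, restored, ADS removed, EmptyTemp
                'not found|not exist'    { 'AlreadyGone'; break } # nothing to do: the entry was already gone
                default                  { 'Other' }
            }
            [pscustomobject]@{ Status = $status; Target = $target; Result = $result; Code = '' }
        }
        # Section banners, bitsadmin output and blank lines match neither pattern and are skipped.
    }
}

function Get-FixlogSummary {
    param([Parameter(Mandatory)][string[]]$Lines)
    $items = @(ConvertFrom-FrstFixlog -Lines $Lines)
    [pscustomobject]@{
        Total       = $items.Count
        Done        = @($items | Where-Object Status -eq 'Done').Count
        AlreadyGone = @($items | Where-Object Status -eq 'AlreadyGone').Count
        Other       = @($items | Where-Object Status -eq 'Other')
        Errors      = @($items | Where-Object Status -eq 'Error')
    }
}

# Constructed sample: a fixlist echo followed by result lines taken from the Fixlog above.
$sample = @'
Content of fixlist:
*****************
CreateRestorePoint:
EmptyTemp:
*****************
Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCR\CLSID\{5B6DF038-D9DD-484B-B484-F20DAD050321} => Key not found.
C:\Users\DELL\DOSXPRES.EXE => Moved successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_0favicon-2079221766" ADS removed successfully.
EmptyTemp: => Removed 160.3 MB temporary data.
'@ -split "`r?`n"

$summary = Get-FixlogSummary -Lines $sample
$summary | Select-Object Total, Done, AlreadyGone    # 7, 5, 1 for the sample
$summary.Errors | Format-Table Code, Result          # the failed restore point
# For a real log: Get-FixlogSummary -Lines (Get-Content .\Fixlog.txt)
```

`Key not found` lines are not failures: FRST checks the matching CLSID for every search scope, toolbar and DPF entry it removes, and reports when there was nothing to delete. The `Errors` list is the part to read before declaring the fix done; a missing restore point means the only rollback is FRST's own quarantine folder, where the "Moved successfully" items went.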
REDACTED

  • Guest
here is the LOG after I hit CLEAN:

# AdwCleaner v4.107 - Report created 09/01/2015 at 12:46:42
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NewDesktop_3_2010 - NEWDESKTOP_3_10
# Running from : C:\Users\NewDesktop_3_2010\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [1286 octets] - [18/02/2014 08:56:46]
AdwCleaner[R1].txt - [3645 octets] - [09/01/2015 12:35:05]
AdwCleaner[S0].txt - [1362 octets] - [18/02/2014 10:00:54]
AdwCleaner[S1].txt - [3374 octets] - [09/01/2015 12:46:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3434 octets] ##########

Offline essexboy

How is the computer behaving now ?

REDACTED

  • Guest
NO appreciable change, still slow and lethargic, and I noted when I type in a web address and hit ENTER....two or three new window tabs OPEN UP for the same website I want to go to ?  Also, I keep getting a RED X pop up from Norton, telling me that there is SUSPICIOUS ACTIVITY on my PC and it is:  WS.Reputation.1 - I have NOT seen that before ...ever.  Any additional things I need to do ? thanks,  Sue

Offline essexboy

Aye, let's try a bigger hammer.

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

REDACTED

  • Guest
PC still acting slowly - will send you THIS LOG and then reboot and see if there is any CHANGE noted...thanks, let me know what I need to do next.....Sue

this is an ATTACHMENT, AS THE FILE WAS TOO LONG and your system would NOT let me copy and paste:

REDACTED

  • Guest
ComboFix 15-01-08.01 - NewDesktop_3_2010 01/09/2015  16:05:25.4.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1988 [GMT -5:00]
Running from: c:\users\NewDesktop_3_2010\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NewDesktop_3_2010\Documents\~WRL0005.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL0006.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL0895.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL1028.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL1431.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL1556.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL1702.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL1870.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL2756.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL2953.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3188.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3351.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3443.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3569.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3575.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3576.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3616.tmp
c:\users\NewDesktop_3_2010\Documents\~WRL3892.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-09 to 2015-01-09  )))))))))))))))))))))))))))))))
.
.
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\Public\AppData\Local\temp
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\Lexmark\AppData\Local\temp
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\DELL\AppData\Local\temp
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\DefaultAppPool\AppData\Local\temp
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-01-09 21:29 . 2015-01-09 21:29   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2015-01-07 21:58 . 2015-01-07 21:58   --------   d-----w-   c:\program files (x86)\Common Files\Java
2015-01-07 21:57 . 2015-01-07 21:57   98216   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-07 18:42 . 2015-01-07 18:42   --------   d-----w-   c:\users\NewDesktop_3_2010\AppData\Roaming\AVAST Software
2015-01-07 18:41 . 2015-01-07 18:40   116728   ----a-w-   c:\windows\system32\drivers\aswStm.sys
2015-01-07 18:41 . 2015-01-07 18:40   436624   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2015-01-07 18:41 . 2015-01-07 18:40   267632   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2015-01-07 18:41 . 2015-01-07 18:40   65776   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2015-01-07 18:41 . 2015-01-07 18:41   87912   ----a-w-   c:\windows\system32\drivers\aswmonflt.sys
2015-01-07 18:41 . 2015-01-07 18:40   29208   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2015-01-07 18:41 . 2015-01-07 18:40   93568   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2015-01-07 18:40 . 2015-01-07 18:41   1050432   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2015-01-07 18:40 . 2015-01-07 18:40   364512   ----a-w-   c:\windows\system32\aswBoot.exe
2015-01-07 18:40 . 2015-01-07 18:40   43152   ----a-w-   c:\windows\avastSS.scr
2015-01-07 18:40 . 2015-01-07 18:40   --------   d-----w-   c:\program files\AVAST Software
2015-01-07 18:39 . 2015-01-07 18:40   --------   d-----w-   c:\programdata\AVAST Software
2014-12-30 21:36 . 2014-12-30 21:51   --------   d-----w-   c:\program files (x86)\AirDroid
2014-12-28 15:57 . 2015-01-02 18:29   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 15:56 . 2014-11-21 11:14   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-12-28 15:56 . 2014-11-21 11:14   93400   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 15:56 . 2014-11-21 11:14   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-12-28 15:56 . 2014-12-28 15:56   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-11 16:49 . 2015-01-01 17:47   --------   d-----w-   c:\program files\oneworldflights
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-28 15:46 . 2013-05-02 18:52   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-28 15:46 . 2013-05-02 18:52   701616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 08:02 . 2010-04-15 11:11   112710672   ----a-w-   c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-10 04:34   413184   ----a-w-   c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 04:34   741376   ----a-w-   c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 04:34   396800   ----a-w-   c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 04:34   830976   ----a-w-   c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 04:34   192000   ----a-w-   c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 04:34   227328   ----a-w-   c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 04:34   1083392   ----a-w-   c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 04:34   1232040   ----a-w-   c:\windows\system32\aitstatic.exe
2014-11-24 22:12 . 2014-12-10 04:34   17874432   ----a-w-   c:\windows\system32\mshtml.dll
2014-11-24 21:59 . 2014-12-10 04:34   448512   ----a-w-   c:\windows\system32\html.iec
2014-11-24 21:54 . 2014-12-10 04:34   10921984   ----a-w-   c:\windows\system32\ieframe.dll
2014-11-24 21:53 . 2014-12-10 04:34   2339840   ----a-w-   c:\windows\system32\jscript9.dll
2014-11-24 21:47 . 2014-12-10 04:34   1388032   ----a-w-   c:\windows\system32\urlmon.dll
2014-11-24 21:47 . 2014-12-10 04:34   1392128   ----a-w-   c:\windows\system32\wininet.dll
2014-11-24 21:45 . 2014-12-10 04:34   1494016   ----a-w-   c:\windows\system32\inetcpl.cpl
2014-11-24 21:45 . 2014-12-10 04:34   237056   ----a-w-   c:\windows\system32\url.dll
2014-11-24 21:45 . 2014-12-10 04:34   86016   ----a-w-   c:\windows\system32\jsproxy.dll
2014-11-24 21:44 . 2014-12-10 04:34   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2014-11-24 21:44 . 2014-12-10 04:34   599040   ----a-w-   c:\windows\system32\vbscript.dll
2014-11-24 21:44 . 2014-12-10 04:34   2157056   ----a-w-   c:\windows\system32\iertutil.dll
2014-11-24 21:44 . 2014-12-10 04:34   816640   ----a-w-   c:\windows\system32\jscript.dll
2014-11-24 21:44 . 2014-12-10 04:34   729088   ----a-w-   c:\windows\system32\msfeeds.dll
2014-11-24 21:44 . 2014-12-10 04:34   453120   ----a-w-   c:\windows\system32\dxtmsft.dll
2014-11-24 21:44 . 2014-12-10 04:34   282112   ----a-w-   c:\windows\system32\dxtrans.dll
2014-11-24 21:44 . 2014-12-10 04:34   55296   ----a-w-   c:\windows\system32\msfeedsbs.dll
2014-11-24 21:44 . 2014-12-10 04:34   11264   ----a-w-   c:\windows\system32\msfeedssync.exe
2014-11-24 21:43 . 2014-12-10 04:34   96768   ----a-w-   c:\windows\system32\mshtmled.dll
2014-11-24 21:43 . 2014-12-10 04:34   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2014-11-24 21:43 . 2014-12-10 04:34   12800   ----a-w-   c:\windows\system32\mshta.exe
2014-11-24 21:42 . 2014-12-10 04:34   248320   ----a-w-   c:\windows\system32\ieui.dll
2014-11-24 20:44 . 2014-12-10 04:34   367104   ----a-w-   c:\windows\SysWow64\html.iec
2014-11-24 20:40 . 2014-12-10 04:34   1810944   ----a-w-   c:\windows\SysWow64\jscript9.dll
2014-11-24 20:35 . 2014-12-10 04:34   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
2014-11-24 20:34 . 2014-12-10 04:34   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2014-11-24 20:33 . 2014-12-10 04:34   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2014-11-24 20:33 . 2014-12-10 04:34   421376   ----a-w-   c:\windows\SysWow64\vbscript.dll
2014-11-24 20:32 . 2014-12-10 04:34   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
2014-11-24 20:32 . 2014-12-10 04:34   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2014-11-11 03:09 . 2014-12-10 04:33   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 15:32   241152   ----a-w-   c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:32   728064   ----a-w-   c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 04:33   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 15:32   186880   ----a-w-   c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:32   550912   ----a-w-   c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 04:33   119296   ----a-w-   c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 04:33   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 04:33   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 04:33   165888   ----a-w-   c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 04:33   155136   ----a-w-   c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:30   77824   ----a-w-   c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:30   67584   ----a-w-   c:\windows\SysWow64\packager.dll
2014-10-20 19:27 . 2014-10-20 19:27   632   ----a-w-   c:\windows\system32\cc_20141020_152730.reg
2014-10-20 19:26 . 2014-10-20 19:26   30494   ----a-w-   c:\windows\system32\cc_20141020_152646.reg
2014-10-18 02:05 . 2014-11-12 01:30   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-10 08:00   4121600   ----a-w-   c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 01:30   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 08:00   3209728   ----a-w-   c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 01:32   155064   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 01:32   683520   ----a-w-   c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 01:30   3241984   ----a-w-   c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 01:32   1460736   ----a-w-   c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 01:32   146432   ----a-w-   c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 01:32   681984   ----a-w-   c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 01:32   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 01:30   2363904   ----a-w-   c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 01:32   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 01:32   146432   ----a-w-   c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 01:32   681984   ----a-w-   c:\windows\SysWow64\adtschema.dll