Author Topic: Trojan problem help ;((((


REDACTED

Trojan problem help ;((((
« on: August 24, 2016, 10:52:41 PM »
Hi. I scanned my computer and found several trojans  >:( xddddd.
My computer is super slow now, help please? ;(((  :-\
I have attached the logs here. Please and thank youuuuu!!  :-* :-*

Offline dbrisendine

Re: Trojan problem help ;((((
« Reply #1 on: August 25, 2016, 02:16:12 AM »

FIRST >>>>

You have parts of three different AV products on your system.  The Sophos Clean program should be fine as it seems to be an on-demand scanner.  But the McAfee program has left parts everywhere.
Please download the MCPR utility from here and run it.  This will clean all of the McAfee settings, files and leftover drivers off your system.  Please make sure to reboot your system after running the tool before moving on to the second step.


SECOND >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Yahoo Search Set

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


LAST >>>>

Open Notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the Code box below.  To do this, highlight the contents of the box by clicking [Select] next to Code:, then right click on any of the highlighted text and select Copy.  Paste this into the open Notepad. Save it to your desktop as fixlist.txt.
 
Code: [Select]
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-743629707-2958908579-2824419147-1001 -> DefaultScope {F1FE4FBF-BC74-47EA-9655-28FEBFF03090} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160329&p={searchTerms}
SearchScopes: HKU\S-1-5-21-743629707-2958908579-2824419147-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-743629707-2958908579-2824419147-1001 -> {4B337583-48EB-4565-82B7-65FD88C3898C} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-743629707-2958908579-2824419147-1001 -> {F1FE4FBF-BC74-47EA-9655-28FEBFF03090} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160329&p={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
CHR Extension: (Google Drive) - C:\Users\mikey_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (Google Search) - C:\Users\mikey_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikey_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (Yahoo Partner) - C:\Users\mikey_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-08-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
S2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [X]
S3 aswVmm; \??\C:\Users\MIKEY_~1\AppData\Local\Temp\aswVmm.sys [X]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
C:\Program Files (x86)\McAfee\SiteAdvisor
C:\Users\mikey_000\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\mikey_000\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\mikey_000\AppData\Local\Temp\nvStInst.exe
C:\Users\mikey_000\AppData\Local\Temp\SkypeSetup.exe
Task: {19AEA4B4-13B4-407C-90B9-B282FAF6D379} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1D8F3089-B1FB-4D46-8A2B-9EBFC4C187E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {26DDC8E9-9761-431C-B39F-16A16D1B4D23} - System32\Tasks\{4BADBB84-CB7B-A1D1-61C4-D65098711F0D} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\6021a6b4\56c19615.dll" <==== ATTENTION
Task: {272B21F9-6BC1-4890-B20F-FE36EEAF377D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2A56EAD1-2043-4C42-96E1-4EDE81085F33} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34AA88FC-C5BD-4DB9-A8AC-F9F26924540E} - \{0B0F7E47-040C-7F0D-0511-787F0B7E110E} -> No File <==== ATTENTION
C:\PROGRA~3\6021a6b4
Task: {3792E003-5453-4E32-AA89-770094C01562} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {381E86A8-EEC6-4B8E-BFF8-681584257999} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {965B4EA3-AF11-4378-A826-C3BDF108819B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9714C4D4-2656-4519-BF4A-585CCC5233FF} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {A1B066B1-8BC6-4A44-9442-C18E7C15FCED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A51A7D9D-4307-462A-8EA5-DD2D14C64706} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {C090E0E7-4419-4F03-AE9C-A8FB9496615C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C7EF4FE8-72A2-4D0D-86B6-D490CE0D4710} - \WPD\SqmUpload_S-1-5-21-743629707-2958908579-2824419147-1001 -> No File <==== ATTENTION
Task: {CFF7DE75-8931-4E32-9A6D-78DA7A2154EB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D2E14294-5EB7-4DE0-9815-8D15C888DB21} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F56B2DEC-3F54-4AF6-ABA7-CA4EDAD6797F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
IE trusted site: HKU\S-1-5-21-743629707-2958908579-2824419147-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-743629707-2958908579-2824419147-1001\...\webcompanion.com -> hxxp://webcompanion.com
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file and selecting "Run as Administrator".  The User Account Control prompt may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post.  Also, tell me how your system is running now.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE
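As an added illustration (not part of the thread and not FRST's own code), here is a small Python triage pass over FRST-style lines of the kind the fixlist above removes. The sample lines are copied in the shape of that fixlist; the rules, severity labels and the "triage"/"classify" function names are my own assumptions, not FRST features.

```python
import re

# Constructed sample input: a few lines in the shape of the FRST fixlist posted in this
# thread (values as they appear there). "hxxp" is FRST's own defanging of "http".
SAMPLE_FRST = r"""
SearchScopes: HKU\S-1-5-21-743629707-2958908579-2824419147-1001 -> DefaultScope {F1FE4FBF-BC74-47EA-9655-28FEBFF03090} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160329&p={searchTerms}
S2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [X]
S3 aswVmm; \??\C:\Users\MIKEY_~1\AppData\Local\Temp\aswVmm.sys [X]
Task: {26DDC8E9-9761-431C-B39F-16A16D1B4D23} - System32\Tasks\{4BADBB84-CB7B-A1D1-61C4-D65098711F0D} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\6021a6b4\56c19615.dll" <==== ATTENTION
Task: {272B21F9-6BC1-4890-B20F-FE36EEAF377D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
IE trusted site: HKU\S-1-5-21-743629707-2958908579-2824419147-1001\...\webcompanion.com -> hxxp://webcompanion.com
"""

# FRST service/driver line: "S<start-type> <name>; <image path> [X]" where [X] means the binary is gone.
SERVICE_RE = re.compile(r'^S[0-4] (?P<name>[^;]+); (?P<path>.+?) \[X\]$')


def classify(line):
    """Return (severity, reason) for one FRST line, or None when nothing stands out."""
    if line.startswith("Task:"):
        if "-> No File" in line:
            return ("low", "scheduled task whose target no longer exists (orphaned leftover)")
        cmd = line.split(" => ", 1)[1] if " => " in line else ""
        # A task that registers a DLL out of ProgramData through regsvr32 is a classic loader persistence.
        if re.search(r"regsvr32\.exe\b.*\.dll", cmd, re.I) and re.search(r"progra~3|programdata", cmd, re.I):
            return ("high", "task loads a DLL from ProgramData via regsvr32 (loader persistence)")
        return None
    m = SERVICE_RE.match(line)
    if m:
        in_temp = re.search(r"\\temp\\", m["path"], re.I)
        why = "service/driver registered but binary missing ([X])"
        if in_temp:
            why += "; image path was under a Temp directory"
        return ("medium" if in_temp else "low", why)
    if line.startswith("SearchScopes:"):
        q = re.search(r"[?&]fr=([^&]+)", line)   # vendor/affiliate tag on the search URL
        return ("medium", f"search scope URL carries vendor tag fr={q.group(1)} (search bundling)") if q else None
    if line.startswith("IE trusted site:"):
        host = line.rsplit("->", 1)[1].strip()
        if "localhost" not in host:
            return ("medium", f"non-local host added to the IE Trusted Sites zone: {host}")
    return None


def triage(text):
    """Run classify() over every non-empty line; return (lineno, severity, reason, line) tuples."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        verdict = classify(line) if line else None
        if verdict:
            hits.append((n, *verdict, line))
    return hits


if __name__ == "__main__":
    for n, sev, why, line in triage(SAMPLE_FRST):
        print(f"line {n:2d} [{sev:6s}] {why}\n            {line[:90]}")
```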

REDACTED

Re: Trojan problem help ;((((
« Reply #2 on: August 25, 2016, 03:00:45 AM »
OK, I've done everything, and it looks like everything is OK. The most noticeable problem was that after a few minutes of having the computer on, all windows would freeze and my computer would crash. I have the log attached here. Is there anything else that I need to do? Thanks a ton!!

Offline dbrisendine

Re: Trojan problem help ;((((
« Reply #3 on: August 25, 2016, 05:55:05 AM »
If you can now run the system in Normal boot mode (not Safe Mode at all), then please run a fresh FRST scan.

If you still have an Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by double clicking it.

The tool will start to run.  When the tool opens, click Yes to the disclaimer (if it appears).

Allow it to check for a new version; the tool will inform you when it is ready to run.

Select Addition.txt in the Optional Scans section of FRST64.

Press the Scan button.

It will make two logs (FRST.txt and Addition.txt) on your Desktop. Please attach the logs in your reply back.

Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file.  FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.

REDACTED

Re: Trojan problem help ;((((
« Reply #4 on: August 25, 2016, 11:30:00 PM »
Here are the 2 logs you asked for, thanks again.
 :) :)

Offline Eddy

Re: Trojan problem help ;((((
« Reply #5 on: August 25, 2016, 11:47:31 PM »
You attached the wrong log:
Fixlog.txt, while it should be FRST.txt.

Offline dbrisendine

Re: Trojan problem help ;((((
« Reply #6 on: August 26, 2016, 04:21:02 AM »
There should be a FRST.txt file on your desktop or, in C:\FRST\Logs, there is a copy named FRST_date_time.txt.  Please post the latest one of those if you do not see one on your desktop.

REDACTED

Re: Trojan problem help ;((((
« Reply #7 on: August 26, 2016, 07:22:07 AM »
Oh, I'm sorry, is this the right one?

Offline dbrisendine

Re: Trojan problem help ;((((
« Reply #8 on: August 26, 2016, 08:00:43 AM »
Thank you; that is the correct file.


Open Notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the Code box below.  To do this, highlight the contents of the box by clicking [Select] next to Code:, then right click on any of the highlighted text and select Copy.  Paste this into the open Notepad. Save it to your desktop as fixlist.txt.
 
Code: [Select]
Start
CreateRestorePoint:
CloseProcesses:
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
S2 McBootDelayStartSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]
C:\Program Files\Common Files\McAfee
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeaack.sys
C:\Windows\System32\DRIVERS\mfencrk.sys
2016-08-09 15:18 - 2016-05-04 14:03 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 15:18 - 2016-05-04 14:03 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-12 18:54 - 2016-06-12 18:54 - 0000016 _____ () C:\ProgramData\mntemp
Task: {62BBB887-AECC-4FAC-AB66-148D160F7F8A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
Task: {8B2F4220-DAC4-46DC-88D5-16969D17FAAE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {95791A6D-CF1B-4AA8-93CA-76D0672783C0} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\PROGRA~1\COMMON~1\McAfee
Task: {F6CB74FD-D75A-44C8-B3D5-411860289512} - System32\Tasks\{E12D2E07-2606-4EC9-AD77-A521CC7327B7} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.22.85.109/en/abandoninstall?page=tsProgressBar
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by double clicking on the FRST64.exe file.  The User Account Control prompt may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post.  Also, tell me how your system is running now.

REDACTED

Re: Trojan problem help ;((((
« Reply #9 on: August 26, 2016, 09:15:36 PM »
OK, here is the log, thanks again!!!

Offline dbrisendine

Re: Trojan problem help ;((((
« Reply #10 on: August 26, 2016, 10:07:39 PM »


FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so don't be alarmed).

When asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done, it will ask to reboot; allow this.


On reboot (if one is needed) a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always reinstall it.


Also, please tell me how your system is running now.  Thanks.