Hi everybody,
For the record, if I am not mistaken, MBAM3 is not an AV unless you have the paid version like Lady Fitzgerald has, otherwise it does not run in realtime and is only a second hand scanner that must be executed manually. The paid version is supposed to play well alongside any other AV as a second layer of realtime protection.
I think I read that you uninstalled Malwarebytes? If not, please attach the logs so we can see the 36 PUPs that it has been finding.
bigmck? Did you download WeatherBug intentionally?
Task: {06F75BBE-8156-4B85-9EA0-97DDC91475B4} - System32\Tasks\{B6FFA501-E300-4C95-BC8D-3971D890F9EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Jim\Desktop\WeatherBugSetup.exe -d C:\Users\Jim\Desktop
Task: {45E5D37F-0334-441E-853B-19014301465C} - System32\Tasks\{CC802FEB-6364-45B2-A2E9-B26FEAAE3700} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WeatherBugSetup.exe -d D:\Downloads
WeatherBug is ad-serving software that is considered PUP/Adware because it is usually bundled along with legit software that is downloaded and can generate pop-up advertisements in the browser it attaches to. Back in the day SuperAntiSpyware used to target it as a threat, or was that Spyware Blaster? Sorry, my memory fails me since it has been quite some time since I uninstalled it.
The following two programs are severely outdated. Older versions of software have vulnerabilities that malware can use to infect your system. Nowadays, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed properly. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed, at which time you could install, or you could reinstall and just disable Java till the moment arises that it is needed.
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
If you decide that you do need Java, you can download the most recent version from here.
As for the Hosts file. Found the following in the FRST log:
Hosts: Hosts file not detected in the default directory
Any idea what might have happened to it? We'll do a search of the default location to see what's up. I am sure it will not be found but still want to see.
There are a few orphaned files etc that can be removed and we're going to empty those temp files. Please do as follows:
- Open Notepad (Start orb > type notepad into Start Search > choose Notepad from the list).
- Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
- Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2284772-1736933989-2242282106-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S3 ALSysIO; \??\C:\Users\Jim\AppData\Local\Temp\ALSysIO.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
CustomCLSID: HKU\S-1-5-21-2284772-1736933989-2242282106-1000_Classes\CLSID\{48AC0584-909B-42D6-BD5F-83124C096669}\InprocServer32 -> no filepath
Folder: C:\WINDOWS\system32\drivers\etc
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please attach it to your reply. DO NOT paste into reply box. It might be too long.