Yet Again, More Logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by HumbleServant1611, Feb 7, 2016.

  1. Hello Fellow Geeks,

    So this was another computer I just scanned. Sorry that I am always posting logs. I am just not certain that if I remove these files, that it will cause severe damage. I've run this procedure more times than I can count but still I come here to confirm what needs to be removed. Anyways this was a fun one for me because there was/is a fair amount of malware and adware on it and cleaning computers from malware (etc.) is enjoyable to me or any troubleshooting for that matter, but there are still some things that are out of the scope of my abilities which is why I come here. Thanks again for looking over these logs and tolerating my constant posting of them.
     


  2. Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Did this machine owner knowingly install the below software?

    Itibiti RTC

    I'd like you to run another scan with Malwarebytes and let it remove anything it finds.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SECURITYUTILITY -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\WEBBAR -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SECURITYUTILITY -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\csrcc -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WBSVC -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\csrcc -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WBSVC -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    and the same for this on the Tasks tab...

    • [PUP] %WINDIR%\Tasks\LUWNMMO1.job -- C:\ProgramData\SecurityUtility\SecurityUtility.exe -> Found

    and these, on the Files tab....

    • [Hidden.ADS][Stream] C:\Windows\System32:Win32App_1 -> Found
    • [PUP][Folder] C:\Program Files (x86)\B18A1C00-1454756770-81E1-2525-C8600003A27B -> Found
    • [PUP][Folder] C:\Program Files (x86)\B18A1C00-1454758098-81E1-2525-C8600003A27B -> Found
    • [PUP][Folder] C:\Program Files (x86)\SearchProtect -> Found

    and finally this too on Web Browsers tab...

    • [PUP][FIREFX:Addon] rkeecbng.default : Consumer Input [ConsumerInput@Compete] -> Found

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :Files
    C:\ProgramData\66d9ad91-4093-1
    C:\ProgramData\66d9ad91-6657-0
    C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
    C:\Program Files (x86)\SearchProtect
    C:\WINDOWS\tasks\LUWNMMO1.job
    C:\WINDOWS\system32\tasks\LUWNMMO1
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




    Download Cleano 1.31

    Download it to your desktop, Right click the cleano.exe file and run as admin > and place check marks in the boxes as follows (click on link below to see image)

    View attachment 148092
    Click clean now and exit the program.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now re-run RogueKiller, just a scan, and upload the new log.

    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
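
A read-only way to confirm, after the reboots, that the items named in the post above are gone. This is an added example, not part of the original thread or of any tool mentioned in it; the paths are copied from the post, and the WOW6432Node mapping for the (X86) detection and the use of `dir /r` to list the directory stream are choices made for this example.

```powershell
# Added example: reports which leftovers from the post above still exist. Deletes nothing.
# Run from an elevated 64-bit PowerShell so registry paths are not redirected.

$regKeys = @(
    'HKLM:\Software\Partner',
    'HKLM:\Software\SearchModule',
    'HKLM:\Software\SECURITYUTILITY',
    'HKLM:\Software\WEBBAR',
    # (X86) detection: the 32-bit registry view sits under WOW6432Node on 64-bit Windows
    'HKLM:\Software\WOW6432Node\SECURITYUTILITY',
    'HKLM:\System\CurrentControlSet\Services\csrcc',
    'HKLM:\System\CurrentControlSet\Services\WBSVC',
    'HKLM:\System\ControlSet001\Services\csrcc',
    'HKLM:\System\ControlSet001\Services\WBSVC'
)

$fsPaths = @(
    "$env:WINDIR\Tasks\LUWNMMO1.job",
    "$env:WINDIR\System32\Tasks\LUWNMMO1",
    'C:\ProgramData\SecurityUtility\SecurityUtility.exe',
    'C:\ProgramData\66d9ad91-4093-1',
    'C:\ProgramData\66d9ad91-6657-0',
    'C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8',
    'C:\Program Files (x86)\B18A1C00-1454756770-81E1-2525-C8600003A27B',
    'C:\Program Files (x86)\B18A1C00-1454758098-81E1-2525-C8600003A27B',
    'C:\Program Files (x86)\SearchProtect'
)

function New-Row($Kind, $Item, $Present) {
    [pscustomobject]@{ Kind = $Kind; Item = $Item; Present = [bool]$Present }
}

# The [Hidden.ADS] item is a named stream on the System32 directory itself,
# so list the streams of entries in %WINDIR% and look for that name.
$adsHit = cmd /c dir /r "$env:WINDIR" 2>$null |
    Select-String -SimpleMatch 'System32:Win32App_1'

$report = @(
    foreach ($k in $regKeys) { New-Row 'Registry' $k (Test-Path -LiteralPath $k) }
    foreach ($p in $fsPaths) { New-Row 'File/Folder' $p (Test-Path -LiteralPath $p) }
    New-Row 'ADS' "$env:WINDIR\System32:Win32App_1" $adsHit
)

$report | Format-Table -AutoSize
$left = @($report | Where-Object { $_.Present })
'{0} of {1} listed items still present' -f $left.Count, $report.Count
```
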
     
  3. She started clicking every pop-up that was being presented to her, which is obviously the opposite thing you should do.
     


  4. Here's more logs.
     


  5. Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That did not answer my question.... was the software I mentioned installed knowingly or not?
     
  6. No it was not.
     
  7. Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good evening.


    Itibiti RTC <<< Uninstall this

    Re-run RogueKiller, remove this entry on the registry tab:

    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found


    What is this??

    C:\WINDOWS\SysWOW64\Number of results


    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    Download Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable (if it is wireless then temporarily shut down the wireless network).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    • Fixlog.txt
    • C:\MGlogs.zip
    Please attach the above two logs first before you continue with the below.
    Also at this point, I want to double check the status of things by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.

    Explain how things are running please.

     
