Malwarebytes detected 40+ items, I'm afraid to remove them.

[chrmdfreak]

Hello! I'm new to this forum. 

 

I need assistance on removing the detected items that are detected by malwarebytes.

I'm afraid to delete some of them knowing that my laptop won't boot normally the next time I turn it on.

 

I have attached the log file from the scan. 

 

Thank you in advance for your help

MBAM-log-2014-01-01 (21-23-01).txt

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Kevin...

[chrmdfreak]

Here is the produced log from Malwarebytes. (attached)

 

Sorry I didn't reply any sooner, your site seems down most of the time I try to access it. 

mbam-log-2014-01-02 (08-21-37).txt

[chrmdfreak]

Here are the produced logs from the first run of  Farbar Recovery Scan Tool 

 

Thank you for your prompt help!

Addition.txt

FRST.txt

[chrmdfreak]

 

Hello and 

 

P2P/Piracy Warning:

 

 

 

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

•  

   

• Double-click to run it. When the tool opens click Yes to disclaimer.

   

   

• Press Scan button.

   

   

• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

   

   

• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

   

   

 

 

Kevin...

 

 

I did what you asked. What's next?

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Uninstall the following:

µTorrent
YoutubeAdblocker
YoutubeBookmark

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

 

•  

   

• Double click on AdwCleaner.exe to run the tool.

   

   

• Vista/Windows 7/8 users right-click and select Run As Administrator

   

   

• Click on the Scan button.

   

   

• AdwCleaner will begin...be patient as the scan may take some time to complete.

   

   

• When it's done you'll see: Pending: Uncheck any elements you don't want removed.

   

   

• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

   

   

• Look over the log especially under Files/Folders for any program you want to save.

   

   

• If there's a program you want to save, just uncheck it from AdwCleaner.

   

   

• If you're not sure, post the log for review.

   

   

• If you're ready to clean it all up.....click the Clean button.

   

   

• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.

   

   

• Copy and paste the contents of that logfile in your next reply.

   

   

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

   

   

• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine

   

   

• To restore an item that has been deleted (if necessary):

   

   

• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

   

   

 

 

Next,

 

Run an online AV scan, this scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

 

•  

   

• Turn off the real time scanner of any existing antivirus program while performing the online scan

   

   

• click on the Run ESET Online Scanner button

   

   

• Tick the box next to YES, I accept the Terms of Use.

   

  Click Start

   

• When asked, allow the add/on to be installed

   

  Click Start

   

• Make sure that the option Remove found threats is unticked

   

   

• Click on Advanced Settings, ensure the options

   

   

• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

   

  Click Scan

   

• wait for the virus definitions to be downloaded

   

   

• Wait for the scan to finish

   

   

 

 

When the scan is complete

 

 

•  

   

• If no threats were found

   

   

• put a checkmark in "Uninstall application on close"

   

   

• close program

   

   

• report to me that nothing was found

   

   

 

 

If threats were found

 

 

•  

   

• click on "list of threats found"

   

   

• click on "export to text file" and save it as ESET SCAN and save to the desktop

   

   

• Click on back

   

   

• put a checkmark in "Uninstall application on close"

   

   

• click on finish

   

   

 

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin...

 

 

 

 

fixlist.txt

[chrmdfreak]

Where can i find the attached fixlist.txt ? It's not in your post. Sorry I'm not quite the techie. 

[kevinf80]

Not sure what happened, I thought the file was attached. OK if you check last reply i`ve attached fixlist.txt again.. Apologies...

[chrmdfreak]

Not sure what happened, I thought the file was attached. OK if you check last reply i`ve attached fixlist.txt again.. Apologies...

 

No worries. At least you are helping me. Will try these steps now. Thank you very much.

[chrmdfreak]

Here's the fixlog. 

Fixlog.txt

[kevinf80]

Thanks for the FRST log, ESET scan will take awhile....

[chrmdfreak]

Hello. I'm not sure what to clean at the REGISTRY SECTION, as I'm afraid I might delete something that is important. 

here's the file. 

AdwCleanerR0.txt

[chrmdfreak]

Thanks for the FRST log, ESET scan will take awhile....

About the ESET scan, I uninstalled Internet explorer a while back. Should I have it reinstalled again?

[chrmdfreak]

It's 9:45 PM here, and I was wondering how long does the ESET scan normally run? It's almost midnight and that's the time that our internet will be shut off. 

[chrmdfreak]

HERE is my log after AdwCleaner, Clean/Deleted the things that needed to be deleted. 

 

 

# AdwCleaner v3.016 - Report created 03/01/2014 at 00:32:54

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Professional  (32 bits)

# Username : SamJr - SAMJR-PC

# Running from : D:\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\QuickSet

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\ProgramData\YoutubeAdblocker

Folder Deleted : C:\ProgramData\ExstraCoupoN

Folder Deleted : C:\ProgramData\JeOniCoupoNN

Folder Deleted : C:\ProgramData\surf and  Keep

Folder Deleted : C:\Program Files\Sk_Enhancer

Folder Deleted : C:\Program Files\YoutubeAdblocker

Folder Deleted : C:\Program Files\surf and  Keep

Folder Deleted : C:\Users\SamJr\AppData\Local\Babylon

Folder Deleted : C:\Users\SamJr\AppData\Local\Pokki

Folder Deleted : C:\Users\SamJr\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\SamJr\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\SamJr\AppData\LocalLow\Conduit

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Classes\pokki

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Classes\and

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16476

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Google Chrome v

 

[ File : C:\Users\SamJr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7229 octets] - [02/01/2014 21:12:40]

AdwCleaner[s0].txt - [7327 octets] - [03/01/2014 00:32:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7387 octets] ##########

[kevinf80]

Time taken to run ESET is dependent on the size of your system, amount of data etc etc... difficult to estimate...

[chrmdfreak]

Here is my ESET SCAN.

 

C:\AdwCleaner\Quarantine\C\Users\SamJr\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F application

C:\AdwCleaner\Quarantine\C\Users\SamJr\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E application

C:\AdwCleaner\Quarantine\C\Users\SamJr\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H application

C:\FRST\Quarantine\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\FRST\Quarantine\CheatEngine61Clean.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\FRST\Quarantine\ietA13E.tmp.exe a variant of Win32/Toolbar.Conduit.B application

C:\FRST\Quarantine\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\FRST\Quarantine\tbuTor.dll a variant of Win32/Toolbar.Conduit.B application

C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\Program Files\Rovio\Angry Birds\Patch.exe a variant of Win32/HackTool.Patcher.U application

C:\ProgramData\InstallMate\{60B2967C-D21D-42D6-A41A-7B29C8FA0A5E}\Custom.dll Win32/InstalleRex.L application

C:\ProgramData\InstallMate\{E6921C60-CD5E-43B4-A578-646A4EDA8042}\Custom.dll Win32/InstalleRex.L application

C:\Users\All Users\InstallMate\{60B2967C-D21D-42D6-A41A-7B29C8FA0A5E}\Custom.dll Win32/InstalleRex.L application

C:\Users\All Users\InstallMate\{E6921C60-CD5E-43B4-A578-646A4EDA8042}\Custom.dll Win32/InstalleRex.L application

C:\Users\SamJr\AppData\Local\Temp\0AF03F90-BAB0-7891-9BDC-6FB0BDDA3245\BExternal.dll a variant of Win32/Toolbar.Babylon.F application

C:\Users\SamJr\AppData\Local\Temp\0AF03F90-BAB0-7891-9BDC-6FB0BDDA3245\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application

C:\Users\SamJr\AppData\Local\Temp\0AF03F90-BAB0-7891-9BDC-6FB0BDDA3245\Setup.exe a variant of Win32/Toolbar.Babylon.H application

C:\Users\SamJr\AppData\Local\Temp\ICReinstall\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application

C:\Users\SamJr\AppData\Local\Temp\NERO13349\Toolbar.exe Win32/Toolbar.AskSBar application

C:\Windows\System32\cmmncliM.dll Win32/BHO.OEY trojan

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31SBHNQK\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe a variant of Win32/Bunndle application

C:\Windows\Temp\Temporary Internet Files\Content.IE5\7ZJVWZPR\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

D:\Downloads\Chad\Installers\Win7\Tools\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application

[chrmdfreak]

Here's my checkup.txt

 

 Results of screen317's Security Check version 0.99.78  

 Windows 7  x86 (UAC is disabled!)  

 Out of date service pack!! 

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Internet Security   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 26  

 Java 7 Update 21  

 Java SE Development Kit 7 Update 7 

 Java version out of Date! 

 Adobe Flash Player 11.9.900.170  

 Adobe Reader XI  

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

 

[kevinf80]

Run the following:

 

Run the MGA Diagnostic Tool and post back the report it creates:

• 
  

Download MGADiag from here: [urlhttp://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

 

Next,

 

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - Save it to your desktop.

Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

Post both logs..

[chrmdfreak]

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

 

Validation Code: 0x8004FE21

Cached Online Validation Code: N/A, hr = 0x80070422

Windows Product Key: *****-*****-CM74G-RPHKF-PW487

Windows Product Key Hash: 71BRYMECVaSXedfumfu8zryHJVY=

Windows Product ID: 00371-177-0000061-85899

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7600.2.00010100.0.0.048

ID: {FD9E082F-8CC5-41B2-94FD-A0683BAF83E6}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Professional

Architecture: 0x00000000

Build lab: 7600.win7_gdr.130318-1532

TTS Error: 

Validation Diagnostic: 

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Users\SamJr\AppData\Local\Google\Chrome\Application\chrome.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{FD9E082F-8CC5-41B2-94FD-A0683BAF83E6}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PW487</PKey><PID>00371-177-0000061-85899</PID><PIDType>5</PIDType><SID>S-1-5-21-1776606770-2753058801-2514309579</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20059                           </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>29CN31WW(V2.08)</Version><SMBIOSVersion major="2" minor="6"/><Date>20100907000000.000000+000</Date></BIOS><HWID>64963E07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

 

Spsys.log Content: 0x80070002

 

Licensing Data-->

On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070422' to display the error text.

Error: 0x80070422 

 

Windows Activation Technologies-->

HrOffline: 0x8004FE21

HrOnline: N/A

HealthStatus: 0x0001000000000000

Event Time Stamp: 10:9:2013 14:48

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

Tampered Service: sppsvc

 

 

HWID Data-->

HWID Hash Current: MgAAAAMAAQABAAEAAQABAAAAAgABAAEAJJR2BDaGTjR3FphByhP45N6ILK5WZI4UXF0=

 

OEM Activation 1.0 Data-->

N/A

 

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes, but no SLIC table

Windows marker version: N/A

OEMID and OEMTableID Consistent: N/A

BIOS Information: 

  ACPI Table Name OEMID Value OEMTableID Value

  APIC INTEL Calpella

  FACP LENOVO CB-01   

  HPET LENOVO CB-01   

  BOOT INTEL Calpella

  MCFG LENOVO CB-01   

  WDRT INTEL Calpella

  ASF! INTEL Calpella

  SLIX LENOVO CB-01   

  ASPT INTEL Calpella

  SSDT PmRef CpuPm

  SSDT PmRef CpuPm

  SSDT PmRef CpuPm

[chrmdfreak]

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\program files\diablo ii\kingpint'z item pack\kingpint'z item pack\uniques\weapons\staff\exceptional\ribcracker.d2i

c:\program files\diablo ii\kingpint'z item pack\kingpint'z item pack\uniques\weapons\sword\exceptional\cloudcrack.d2i

c:\program files\diablo ii\mewi's diablo 2 item pack v1.0\items\1.03-1.09\staff ribcracker quarterstaff.d2i

c:\program files\diablo ii\mewi's diablo 2 item pack v1.0\items\staves\ribcracker.d2i

c:\program files\diablo ii\mewi's diablo 2 item pack v1.0\items\swords\exceptional uniques\cloudcrack.d2i

c:\program files\diablo ii\prime evil's item pack\magic-rare\death crack polished wand.d2i

c:\program files\diablo ii\prime evil's item pack\rare elites\corpse crack thunder maul.d2i

c:\program files\diablo ii\prime evil's item pack\uniques\cloudcrack gothic sword.d2i

c:\program files\diablo ii\prime evil's item pack\uniques\ribcracker quarterstaff.d2i

c:\program files\diablo ii\valor vault\valorvault1.6\items\uniques\exceptional\weapons\staves\ribcracker quarterstaff.d2i

c:\program files\diablo ii\valor vault\valorvault1.6\items\uniques\exceptional\weapons\swords\cloudcrack gothic sword.d2i

c:\program files\infernal veil i\cracked.rar

c:\program files\infernal veil ii\cracked.rar

c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class

scanner sequence 3.JD.11.EKAPGZ

 ----- EOF ----- 

[kevinf80]

It would seem you are not running a legitimate (validated) version of Windows 7 Pro, maybe better if you try to get activation via phone...

 

Activate Windows 7 manually:

1. Click Start, and in the Search box type :  slui.exe 4

2. Press ENTER on your Keyboard

3. Select your Country.

4. Select the Phone Activation option, then follow the prompts....

 

When the above is completed come back and post a fresh WGA log..

 

Thank you for your understanding...

 

Kevin...

[chrmdfreak]

It would seem you are not running a legitimate (validated) version of Windows 7 Pro, maybe better if you try to get activation via phone...

 

Activate Windows 7 manually:

1. Click Start, and in the Search box type :  slui.exe 4

2. Press ENTER on your Keyboard

3. Select your Country.

4. Select the Phone Activation option, then follow the prompts....

 

When the above is completed come back and post a fresh WGA log..

 

Thank you for your understanding...

 

Kevin...

 

Is this the last step kevin? I mean, am I clean from adware, malware and stuff?

[kevinf80]

There is no last step, your system is not validated, we cannot go any further until that is done and you post a fresh WGA log. When we see a validated log we can proceed and help further....

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.