Jump to content

Six minute boot, BBC.co.uk redirecting to Yahoo, HJT says no internet


Recommended Posts

Thanks in advance for any help you can offer!


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by wifikyla at 19:01:14 on 2014-01-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.3238 [GMT -6:00]
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
c:\program files\soluto\soluto.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Soluto\SolutoRemoteService.exe
C:\program files (x86)\google\google calendar sync\googlecalendarsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Firefox\firefox.exe
C:\Program Files (x86)\Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
============== Pseudo HJT Report ===============
uStart Page = about:Tabs
uURLSearchHooks: FCToolbarURLSearchHook Class: {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Upromise RewardU Toolbar BHO: {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Upromise RewardU Toolbar: {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\wifikyla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\wifikyla\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
TCP: NameServer =
TCP: Interfaces\{2CFDD833-8A72-4ECC-B72B-4B8BFC2DFB3C} : DHCPNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts:    www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\wifikyla\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - user.js: extentions.y2layers.installId - e28da934-b1cc-4364-b0a5-48769c5cf2ef
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 0049d4b500000000000000219b003045
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15847
FF - user.js: extensions.delta.vrsn -
FF - user.js: extensions.delta.vrsni -
FF - user.js: extensions.delta.vrsnTs -
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
============= SERVICES / DRIVERS ===============
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2014-1-14 54728]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys [2013-10-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys [2013-10-19 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys [2013-10-19 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140123.001\IDSviA64.sys [2014-1-23 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys [2013-10-19 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys [2013-10-19 433752]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 CrossLoopService;CrossLoop Service;C:\Users\wifikyla\AppData\Local\CrossLoop\CrossLoopService.exe [2013-11-15 569072]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\\ccsvchst.exe [2013-10-19 144368]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-9 1153368]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-11-14 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-11-14 856128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-19 137648]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-11-14 1942016]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
S2 Stratus Client;Stratus Data Link Service;C:\Program Files (x86)\Stratus\wrapper.exe [2011-11-16 204800]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-4 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-19 31800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-4 57856]
S3 tvnserver;TightVNC Server;C:\Users\wifikyla\AppData\Local\CrossLoop\tvnserver.exe [2013-11-15 814080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-27 1255736]
S3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2009-7-31 25600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
=============== Created Last 30 ================
2014-01-19 16:14:27    --------    d-----w-    C:\Users\wifikyla\AppData\Local\VS Revo Group
2014-01-19 16:14:23    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-01-19 16:14:23    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-01-19 16:14:21    --------    d-----w-    C:\Program Files\VS Revo Group
2014-01-15 12:10:52    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-15 00:40:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 00:40:19    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 00:40:19    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 00:40:19    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 00:40:19    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 00:40:19    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 00:40:19    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 00:40:19    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 00:26:09    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-01-15 00:25:19    54728    ----a-w-    C:\Windows\System32\drivers\Soluto.sys
2014-01-15 00:25:15    --------    d-----w-    C:\Program Files\Soluto
2013-12-25 01:58:59    --------    d-----w-    C:\Program Files (x86)\Dungeon Scroll
==================== Find3M  ====================
2014-01-24 00:48:40    29    ----a-w-    C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-12-10 23:37:15    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:37:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
============= FINISH: 19:01:33.18 ===============



DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/25/2011 7:35:05 PM
System Uptime: 1/23/2014 5:03:37 PM (2 hours ago)
Motherboard: Dell Inc. |  | 0FM586
Processor: Intel® Core2 Quad  CPU   Q9300  @ 2.50GHz | Socket 775 | 2498/333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 697 GiB total, 503.368 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 0.961 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 298 GiB total, 207.649 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP233: 8/29/2013 3:00:11 AM - Windows Update
RP234: 9/3/2013 6:33:18 AM - Windows Update
RP235: 9/8/2013 12:50:25 PM - Windows Backup
RP236: 9/12/2013 3:07:23 PM - Windows Update
RP237: 9/12/2013 3:59:36 PM - Windows Update
RP238: 9/17/2013 6:43:19 PM - Windows Update
RP239: 9/22/2013 8:18:53 AM - Windows Backup
RP240: 9/22/2013 5:53:07 PM - Windows Backup
RP241: 9/24/2013 6:52:19 PM - Windows Update
RP242: 9/27/2013 8:46:03 PM - Windows Update
RP243: 10/1/2013 7:23:50 PM - Windows Update
RP244: 10/4/2013 8:45:29 PM - Windows Update
RP245: 10/4/2013 10:05:23 PM - Removed Skype™ 6.6
RP246: 10/4/2013 10:14:52 PM - Removed Relentless Software Prerequisites
RP247: 10/4/2013 10:18:10 PM - Removed Stratus Data Link Service
RP248: 10/5/2013 7:26:29 PM - Removed Stratus Data Link Service
RP249: 10/5/2013 7:31:47 PM - Removed Stratus Data Link Service
RP250: 10/5/2013 7:44:57 PM - Removed Microsoft Silverlight
RP251: 10/5/2013 7:45:42 PM - Removed Stratus Data Link Service
RP252: 10/6/2013 12:26:06 PM - Windows Backup
RP253: 10/6/2013 1:29:06 PM - Windows Backup
RP254: 10/8/2013 9:00:29 PM - Windows Update
RP255: 10/8/2013 9:18:47 PM - Windows Update
RP256: 10/15/2013 3:35:48 PM - Windows Update
RP257: 10/18/2013 8:15:30 PM - Windows Update
RP258: 10/19/2013 3:43:28 PM - Installed CenturyLink Installer
RP259: 10/20/2013 11:01:10 AM - Windows Backup
RP261: 10/28/2013 5:56:58 PM - Scheduled Checkpoint
RP262: 11/3/2013 8:50:06 AM - Windows Backup
RP263: 11/10/2013 7:04:21 PM - Scheduled Checkpoint
RP264: 11/13/2013 7:00:57 PM - Windows Update
RP265: 11/17/2013 9:50:29 AM - Windows Backup
RP266: 11/24/2013 4:15:42 PM - Scheduled Checkpoint
RP267: 11/26/2013 7:00:22 PM - Windows Update
RP268: 11/27/2013 7:00:11 PM - Windows Update
RP269: 12/5/2013 8:14:14 PM - Scheduled Checkpoint
RP270: 12/11/2013 6:43:42 AM - Windows Update
RP271: 12/15/2013 7:00:14 PM - Windows Update
RP272: 12/23/2013 7:02:39 PM - Scheduled Checkpoint
RP273: 12/30/2013 7:26:58 PM - Scheduled Checkpoint
RP274: 1/6/2014 7:55:37 PM - Scheduled Checkpoint
RP275: 1/14/2014 6:40:36 PM - Windows Update
RP276: 1/15/2014 6:20:36 AM - Windows Update
RP277: 1/18/2014 10:39:04 AM - before CenturyLink PC health
RP278: 1/18/2014 10:42:22 AM - Installed CenturyLink Installer
RP280: 1/19/2014 10:15:42 AM - Revo Uninstaller Pro's restore point - 360Amigo System Speedup Free
RP282: 1/19/2014 10:16:31 AM - Revo Uninstaller Pro's restore point - 360Amigo System Speedup Free
RP284: 1/19/2014 10:17:25 AM - Revo Uninstaller Pro's restore point - 3D Fish School 4 Screen Saver
RP286: 1/19/2014 10:18:38 AM - Revo Uninstaller Pro's restore point - 3D Sci-Fi Movie Maker
RP288: 1/19/2014 10:20:45 AM - Revo Uninstaller Pro's restore point - ABViewer
RP290: 1/19/2014 10:21:38 AM - Revo Uninstaller Pro's restore point - Ad-Aware Free Antivirus +
RP292: 1/19/2014 11:42:16 AM - Revo Uninstaller Pro's restore point - COMODO System Cleaner
RP294: 1/19/2014 11:43:20 AM - Revo Uninstaller Pro's restore point - Clean Disk Security(1)
RP296: 1/19/2014 11:44:01 AM - Revo Uninstaller Pro's restore point - Clean My Registry
RP298: 1/19/2014 11:44:46 AM - Revo Uninstaller Pro's restore point - Clean Space 2013
RP300: 1/19/2014 11:46:33 AM - Revo Uninstaller Pro's restore point - CleanCenter
RP302: 1/19/2014 11:47:14 AM - Revo Uninstaller Pro's restore point - Corel PaintShop Pro X5
RP304: 1/19/2014 1:37:44 PM - Revo Uninstaller Pro's restore point - Clean Disk Security
RP306: 1/19/2014 1:38:53 PM - Revo Uninstaller Pro's restore point - Dungeon Defenders
RP308: 1/19/2014 1:43:18 PM - Revo Uninstaller Pro's restore point - IrfanView (remove only)
RP310: 1/19/2014 1:44:11 PM - Revo Uninstaller Pro's restore point - GoToMeeting
RP312: 1/19/2014 1:45:46 PM - Revo Uninstaller Pro's restore point - Opera 12.14
RP314: 1/19/2014 1:47:26 PM - Revo Uninstaller Pro's restore point - Stratus Data Link Service
RP316: 1/23/2014 6:48:55 PM - Revo Uninstaller Pro's restore point - office Convert Pdf to PowerPoint for ppt Free
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.06)
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
CenturyLink Installer
CrossLoop 2.82
CutePDF Writer 2.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dungeon Scroll Gold Edition (remove only)
Families Sync
Family Tree Maker 2012
Google Apps Migration For Microsoft Outlook®
Google Calendar Sync
Google Earth
Google Update Helper
Intuit SiteBuilder
Legacy 7.5
Malwarebytes Anti-Malware version
Memeo Instant Backup
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Nancy Drew: Message in a Haunted Mansion
Norton AntiVirus
oDesk Team
Revo Uninstaller Pro 3.0.8
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SnagIt 8
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upromise RewardU Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Xenu's Link Sleuth
==== Event Viewer Messages From Past Week ========
1/23/2014 5:58:13 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
1/23/2014 5:12:46 PM, Error: Service Control Manager [7034]  - The Stratus Data Link Service service terminated unexpectedly.  It has done this 1 time(s).
1/23/2014 5:12:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.
1/23/2014 5:12:42 PM, Error: Service Control Manager [7000]  - The Soluto PCGenome Core Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/23/2014 5:10:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the MemeoBackgroundService service to connect.
1/23/2014 5:10:37 PM, Error: Service Control Manager [7000]  - The MemeoBackgroundService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/22/2014 8:59:23 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/19/2014 11:57:16 AM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/19/2014 11:57:16 AM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
==== End Of File ===========================


Link to post
Share on other sites

Hello kjwc12 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Upromise RewardU Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Thank you, Borislav.  Here are the logs.  I forgot I wasn't supposed to make any changes and I changed my default search from Bing to Google.  I think that is shown in the log, sorry about that.  My boot time is still 3 or 4 minutes, but definitely better.



Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by wifikyla on Fri 01/24/2014 at 19:47:31.11

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1733726623-754820531-1122640164-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.FCTB000100987Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.FCTB000100987Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.FCTB000100987Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.FCTB000100987Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\dsite.job

~~~ Folders

Successfully deleted: [Folder] C:\Users\wifikyla\AppData\LocalLow\FCTB000100987
Successfully deleted: [Folder] "C:\Users\wifikyla\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{12583EFE-7843-4E91-AEC6-D23703F5A126}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{347A0918-7E64-4A61-863A-D9461A319CE5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{34E135FA-F91E-40E9-A183-740EA5CADAAD}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{3BC9DE49-2F79-44AB-8AA1-1103751F5ACC}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{3E30582F-019E-471F-951E-8A8304B354E5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{4041E0EE-D5F2-440C-91E8-61235C01F539}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{495D158A-5784-4B78-AB84-EF7945CE0090}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{795A2B53-5871-498F-BA94-AB7001D98877}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{95308ABF-F935-4849-BC0C-0480877D0A56}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{AE55DA80-BCF9-4AD0-BD0B-29A253DF34AE}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{C22FE830-07C1-4459-8922-C8CF0A9F064E}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{F4B9D72A-230B-43DB-8834-BBC971FCD3D5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{F5ABB9DE-5ABD-4473-94FA-B3B36F09F691}

~~~ Event Viewer Logs were cleared

Scan was completed on Fri 01/24/2014 at 19:54:19.75
End of JRT log


# AdwCleaner v3.017 - Report created 24/01/2014 at 20:09:08
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : wifikyla - WIFIKYLAINSP530
# Running from : C:\Users\wifikyla\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\wifikyla\AppData\Local\PackageAware
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\invalidprefs.js
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\searchplugins\bingp.xml
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\user.js
File Deleted : C:\Users\wifikyla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\wifikyla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "0049d4b500000000000000219b003045");
Line Deleted : user_pref("extensions.delta.instlDay", "15847");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "");
Line Deleted : user_pref("extensions.delta.vrsnTs", "");
Line Deleted : user_pref("extensions.delta.vrsni", "");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "e28da934-b1cc-4364-b0a5-48769c5cf2ef");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ClearCacheDate", 24);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DNSCatch", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DisplayEULA", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EBOMode", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCAData_xx", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCA_xx", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.FirstLaunchShown", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallDomain", "upromise.com");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallType", "one_click");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.LoadLayoutDate.100987", 24);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.StateReportDate", "1390516498306");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeInstallSaved", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.homepage", "hxxp%3A//www.google.com/ig");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.search", "Google");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.affiliate.116.disabled", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_img", "aHR0cHM6Ly9zdGF0aWMucmV3YXJ6LmNvbS9jbGllbnRzL1Vwcm9taXNlL3Rvb2xiYXJzL3Byb2R1Y3Rpb24vMTAwOTg3L2ltYWdlcy95YWhvb19mYXZpY2[...]
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_url", "aHR0cDovL29sbWNkbi51cHJvbWlzZS5jb20vc2VhcmNoLmh0bWw/cXM9");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.text", "Search%20the%20Web");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.customNewTab", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaDefaultMode", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowSurvey", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.helpUsImprove", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.hideOthers", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.partnerauth", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.processAddrBar", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_homepage", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_search", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.restoreSearch", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.searchHistory", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.session", "EA0A5E0612B1AF44CD91F797982F60B5C38BFCCACC29E2AD87901B0AEC1DB0014FFB329822117049EC3A088F4F7D044E87BB4FF3795519D953DD172AE999C98953B25345[...]
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tb_lang", "en");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tool_id", "100987");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_id", "25931");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_key", "2ddcf903c255668015b5af30be7ac10407182b7f");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_layouts", "100987");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_lnames", "Upromise%20RewardU%20Toolbar");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.xml_service_url", "cf2788bd15fe5bcbc566786e33a951d1");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.yahooSearch", false);

[ File : C:\Users\admin spare\AppData\Roaming\Mozilla\Firefox\Profiles\zuovz6ss.default\prefs.js ]


AdwCleaner[R0].txt - [8814 octets] - [24/01/2014 20:08:22]
AdwCleaner[s0].txt - [8911 octets] - [24/01/2014 20:09:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8971 octets] ##########

Malwarebytes Anti-Malware

Database version: v2014.01.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
wifikyla :: WIFIKYLAINSP530 [administrator]

1/24/2014 8:32:41 PM
mbam-log-2014-01-24 (20-32-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259995
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\wifikyla\Desktop\7zip_14244_ST.exe (PUP.Optional.InstallQ) -> Quarantined and deleted successfully.


Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Thank you.  Here is the ESET result info:


C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage10.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res    a variant of Win32/HiddenStart.A application    
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage10.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res    a variant of Win32/HiddenStart.A application    deleted - quarantined
J:\wifikyla_Backup\2011-10-15_11-49-48\Memeo\2011-10-15_11-49-48\C_\Users\wifikyla\Downloads\FoxitReader510.1021_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
J:\wifikyla_Backup\2013-05-05_16-38-49\Memeo\2013-05-05_16-38-49\C_\Users\wifikyla\Desktop\7zip_14244_ST.exe    probably a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
J:\wifikyla_Backup\2013-05-05_16-38-49\Memeo\2013-05-05_16-38-49\C_\Users\wifikyla\Desktop\ZipOpenerSetup.exe    Win32/InstallCore.BN application    cleaned by deleting - quarantined

Link to post
Share on other sites

I'm using a program called Soluto for boot time info.  It says "Boot takes 3:58min. Desktop was responsive after 2:44min."  That is an improvement, but doesn't seem too great.


Something I did not think to mention is when I turn on my computer I quickly see the Dell screen briefly (which is correct,) and then see Windows starting to come up.  After about 30 seconds, my monitor turns black and says "No signal."  After 30 - 60 seconds, Windows will start successfully.  Very strange.


Thanks, Borislav!  I did donate some money, and the name was different, but hopefully it goes where you want it.  :-)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.