kjwc12 Posted January 24, 2014 ID:782075

Thanks in advance for any help you can offer!
Maniac Posted January 24, 2014 ID:782287

Hello kjwc12!

My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: Upromise RewardU Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button. Wait until it is finished.
- Click on Clean.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

- Launch Malwarebytes' Anti-Malware.
- Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to the Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log
kjwc12 Posted January 25, 2014 Author ID:782463

Thank you, Borislav. Here are the logs. I forgot I wasn't supposed to make any changes and I changed my default search from Bing to Google. I think that is shown in the log, sorry about that. My boot time is still 3 or 4 minutes, but definitely better.

----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by wifikyla on Fri 01/24/2014 at 19:47:31.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1733726623-754820531-1122640164-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.FCTB000100987Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.FCTB000100987Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100987.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.FCTB000100987Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.FCTB000100987Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100987.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\dsite.job

~~~ Folders
Successfully deleted: [Folder] C:\Users\wifikyla\AppData\LocalLow\FCTB000100987
Successfully deleted: [Folder] "C:\Users\wifikyla\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{12583EFE-7843-4E91-AEC6-D23703F5A126}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{347A0918-7E64-4A61-863A-D9461A319CE5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{34E135FA-F91E-40E9-A183-740EA5CADAAD}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{3BC9DE49-2F79-44AB-8AA1-1103751F5ACC}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{3E30582F-019E-471F-951E-8A8304B354E5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{4041E0EE-D5F2-440C-91E8-61235C01F539}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{495D158A-5784-4B78-AB84-EF7945CE0090}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{795A2B53-5871-498F-BA94-AB7001D98877}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{95308ABF-F935-4849-BC0C-0480877D0A56}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{AE55DA80-BCF9-4AD0-BD0B-29A253DF34AE}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{C22FE830-07C1-4459-8922-C8CF0A9F064E}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{F4B9D72A-230B-43DB-8834-BBC971FCD3D5}
Successfully deleted: [Empty Folder] C:\Users\wifikyla\appdata\local\{F5ABB9DE-5ABD-4473-94FA-B3B36F09F691}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/24/2014 at 19:54:19.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.017 - Report created 24/01/2014 at 20:09:08
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : wifikyla - WIFIKYLAINSP530
# Running from : C:\Users\wifikyla\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\wifikyla\AppData\Local\PackageAware
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\invalidprefs.js
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\searchplugins\bingp.xml
File Deleted : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\user.js
File Deleted : C:\Users\wifikyla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\wifikyla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\wifikyla\AppData\Roaming\Mozilla\Firefox\Profiles\213f5a7b.default\prefs.js ]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "0049d4b500000000000000219b003045");
Line Deleted : user_pref("extensions.delta.instlDay", "15847");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.519:18:38");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "e28da934-b1cc-4364-b0a5-48769c5cf2ef");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ClearCacheDate", 24);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DNSCatch", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DisplayEULA", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EBOMode", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCAData_xx", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.EnableDCA_xx", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.FirstLaunchShown", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallDomain", "upromise.com");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.InstallType", "one_click");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.LoadLayoutDate.100987", 24);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.StateReportDate", "1390516498306");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeInstallSaved", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.homepage", "hxxp%3A//www.google.com/ig");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.beforeinstall.search", "Google");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.affiliate.116.disabled", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_img", "aHR0cHM6Ly9zdGF0aWMucmV3YXJ6LmNvbS9jbGllbnRzL1Vwcm9taXNlL3Rvb2xiYXJzL3Byb2R1Y3Rpb24vMTAwOTg3L2ltYWdlcy95YWhvb19mYXZpY2[...]
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.engine_url", "aHR0cDovL29sbWNkbi51cHJvbWlzZS5jb20vc2VhcmNoLmh0bWw/cXM9");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.comp.search.58.text", "Search%20the%20Web");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.customNewTab", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaDefaultMode", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.dcaShowSurvey", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.helpUsImprove", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.hideOthers", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.partnerauth", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.processAddrBar", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_homepage", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.remove_search", true);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.restoreSearch", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.searchHistory", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.session", "EA0A5E0612B1AF44CD91F797982F60B5C38BFCCACC29E2AD87901B0AEC1DB0014FFB329822117049EC3A088F4F7D044E87BB4FF3795519D953DD172AE999C98953B25345[...]
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tb_lang", "en");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.tool_id", "100987");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_id", "25931");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_key", "2ddcf903c255668015b5af30be7ac10407182b7f");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_layouts", "100987");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.user_lnames", "Upromise%20RewardU%20Toolbar");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.xml_service_url", "cf2788bd15fe5bcbc566786e33a951d1");
Line Deleted : user_pref("freecauseb987141395b701c469cf961a01420158.yahooSearch", false);
[ File : C:\Users\admin spare\AppData\Roaming\Mozilla\Firefox\Profiles\zuovz6ss.default\prefs.js ]

*************************
AdwCleaner[R0].txt - [8814 octets] - [24/01/2014 20:08:22]
AdwCleaner[s0].txt - [8911 octets] - [24/01/2014 20:09:08]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8971 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.25.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
wifikyla :: WIFIKYLAINSP530 [administrator]
1/24/2014 8:32:41 PM
mbam-log-2014-01-24 (20-32-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259995
Time elapsed: 4 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\wifikyla\Desktop\7zip_14244_ST.exe (PUP.Optional.InstallQ) -> Quarantined and deleted successfully.
(end)
Maniac Posted January 25, 2014 ID:782710

Please scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
kjwc12 Posted January 25, 2014 Author ID:782749

Thank you. Here is the ESET result info:

C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage10.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage10.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A application deleted - quarantined
J:\wifikyla_Backup\2011-10-15_11-49-48\Memeo\2011-10-15_11-49-48\C_\Users\wifikyla\Downloads\FoxitReader510.1021_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
J:\wifikyla_Backup\2013-05-05_16-38-49\Memeo\2013-05-05_16-38-49\C_\Users\wifikyla\Desktop\7zip_14244_ST.exe probably a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
J:\wifikyla_Backup\2013-05-05_16-38-49\Memeo\2013-05-05_16-38-49\C_\Users\wifikyla\Desktop\ZipOpenerSetup.exe Win32/InstallCore.BN application cleaned by deleting - quarantined
Maniac Posted January 26, 2014 ID:782858

How are things now?
kjwc12 Posted January 26, 2014 Author ID:782985

I'm using a program called Soluto for boot time info. It says "Boot takes 3:58min. Desktop was responsive after 2:44min." That is an improvement, but doesn't seem too great. Something I did not think to mention is when I turn on my computer I quickly see the Dell screen briefly (which is correct,) and then see Windows starting to come up. After about 30 seconds, my monitor turns black and says "No signal." After 30 - 60 seconds, Windows will start successfully. Very strange. Thanks, Borislav! I did donate some money, and the name was different, but hopefully it goes where you want it. :-)
Maniac Posted January 26, 2014 ID:783039

Yes, that's my father's name. Try to improve it with these steps: https://forums.malwarebytes.org/index.php?showtopic=81990
Root Admin AdvancedSetup Posted January 30, 2014 ID:784370

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!