
Help please - Malwarebytes Not Responding


Please help.

Downloaded MBAM software last night, ran full scan overnight, found dozens of objects but when I selected them for removal, all of a sudden MBAM "not responding".

 

So I ran a quick scan which found 9 objects, and again when I tried to remove them the program stopped responding.

 

Although, MBAM has 'pop-ups' that appear letting me know that it has averted potential danger, etc like when I clicked the registration link to confirm my registration with MBAM this am :P

 

Thanks for any assistance.

 

S

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 1.6.0_18
Run by Skip and Shannon at 11:03:30 on 2014-03-05
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.1918.455 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Whilokii\updateWhilokii.exe
C:\Program Files\Whilokii\bin\utilWhilokii.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GamesBar\SearchEngineProtection.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Skip and Shannon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
uURLSearchHooks: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: {a84c9e75-cb32-4928-bab6-25460a3b19b3} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [searchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [sunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\skipan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\skip and shannon\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\skipan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: oprah.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1078A00A-E9C3-41B2-983E-9E0A91925F06} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10BB25F5-46FB-4953-9947-395F8F7B70E0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F5FCCD81-9FCD-42C6-A3B3-59CEA5949D06} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\skip and shannon\appdata\roaming\mozilla\firefox\profiles\cshqoc4z.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\users\skip and shannon\appdata\roaming\mozilla\firefox\profiles\cshqoc4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\skip and shannon\appdata\roaming\mozilla\firefox\profiles\cshqoc4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\10\NP_wtapp.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\skip and shannon\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 572528]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-9 213392]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-9 60920]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2012-8-18 13824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-4 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-9 236000]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-9 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-8-18 17408]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-7-15 724992]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-12-1 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-9 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [2008-12-21 16000]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-3-24 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-3-24 251904]
.
=============== Created Last 30 ================
.
2014-03-05 04:51:06 -------- d-----w- c:\users\skip and shannon\appdata\roaming\Malwarebytes
2014-03-05 04:50:44 -------- d-----w- c:\programdata\Malwarebytes
2014-03-05 04:50:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-05 04:50:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-17 08:06:46 -------- d-----w- C:\c2315b817d16fc8306f86c
2014-02-17 08:02:42 -------- d-----w- c:\program files\CONEXANT
2014-02-17 01:52:25 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-11 03:51:45 -------- d-----w- c:\program files\TXTfielesCConverti
2014-02-11 03:51:34 -------- d-----w- c:\program files\APptoUU
2014-02-11 03:51:22 -------- d-----w- c:\program files\ggreatsavviung
2014-02-11 03:14:15 0 ----a-w- c:\windows\system32\REN74E6.tmp
2014-02-11 03:14:15 0 ----a-w- c:\windows\system32\REN74D6.tmp
2014-02-11 03:14:15 0 ----a-w- c:\windows\system32\REN74D5.tmp
.
==================== Find3M  ====================
.
2014-02-11 03:55:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:08:27.19 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 08/01/2008 8:11:20 PM
System Uptime: 21/02/2014 12:11:11 AM (299 hours ago)
.
Motherboard: ECS  |  | Nettle2
Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | Socket M2  | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 327 GiB total, 199.764 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.851 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adelantado Trilogy: Book One
Adobe AIR
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Bejeweled 3
Big Fish: Game Manager
BlackBerry Desktop Software 6.0.1
Bonjour
BookWorm
Bookworm Adventures
Bookworm Adventures - The Monkey King
BookWorm Adventures 2
Bookworm Adventures en
Bookworm Adventures Fractured Fairytales
Bookworm Adventures Vol. 2
Bookworm Adventures Volume 2
Bookworm Adventures™ Volume 2
Bookworm Astounding Planet
Bookworm Deluxe
Bookworm Adventures - Fractured Fairytales
Bookworm® Adventures Deluxe
Chuzzle
Chuzzle Deluxe (remove only)
Chuzzle Deluxe™
Cisco Network Magic
Dropbox
EPSON Printer Software
EPSON Scan
Feeding Frenzy
Feeding Frenzy 2 Shipwreck Showdown
FUJIFILM MyFinePix Studio 3.2
GamesBar 2.0.1.81
Garden Rescue
Garden Rescue: Christmas Edition
Gardens Inc.: From Rakes to Riches
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Feedback
HP Games
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer
HP Total Care Advisor
HPAsset component for HP Active Support Library
iTunes
iWin Games (remove only)
Java Auto Updater
Java 6 Update 18
LightScribe System Software  1.14.19.1
Linksys Wireless Manager
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
NVIDIA Drivers
Plants vs. Zombies
Pure Networks Platform
Python 2.5
QuickTime
Remote Desktop Web Connection
Rhapsody Player Engine
Roxio Activation Module
Safari
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
Scan To
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Shared C Run-time for x86
Soft Data Fax Modem with SmartCP
Sony Picture Utility
Time Zone Data Update Tool for Microsoft Office Outlook
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WeatherBug Gadget
WildTangent Games
WildTangent Games App
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Feb. 2008 DST Updates
.
==== End Of File ===========================

 


Hello.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs..

 

Kevin


Hi  Kevin, thanks for your reply.

 

Here are the logs: 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/05/2014 01:13:22 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 03/05/2014 01:24:39 PM
Execution time: 0 hours(s), 11 minute(s), and 16 seconds(s)

 

 

* I had to put all the Farbar scan logs in an attachment as my reply wouldn't be accepted by this site (too long)... *

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.05.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Skip and Shannon :: SKIPPC [administrator]

Protection: Enabled

05/03/2014 1:19:22 PM
mbam-log-2014-03-05 (13-19-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275369
Time elapsed: 39 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

No objects found this time!... good sign I hope :)

 

hope this is all of it. 

 

S

 


I'm sorry, what do you mean by wrong format?

 

I tried to copy and paste the logs here again to re-post but the reply would not go (post too big).

 

Is it okay if I copy and paste into a word document and attach like before? Any specific instructions so I don't screw it up? :P

 

Thanks.

 

Shannon


You're doin' ok Shannon, we continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

 

Kevin

 

 

 

fixlist.txt


Hi Kevin...logs posted below....

 

I wasn't sure on which to delete from the Adware (RO).txt, but none looked important to me, so I cleaned them all out. I posted it in case I was wrong, you could let me know and I will restore it from the Quarantine tab. (thanks)

 

And, knock on wood, but I haven't seen any crazy floating ads, pop ups and Google Chrome hasn't crashed in past 15 mins or so....so, this is looking promising :)

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-03-2014

Ran by Skip and Shannon at 2014-03-06 09:30:51 Run:1

Running from C:\Users\Skip and Shannon\Downloads

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

HKU\S-1-5-21-2136866276-1773585029-842795977-1000\...\Run: [searchEngineProtection] - C:\Program Files\Gamesbar\SearchEngineProtection.exe [591248 2010-12-29] (Oberon Media )

C:\Program Files\Gamesbar\SearchEngineProtection.exe

C:\Program Files\Gamesbar

HKU\S-1-5-21-2136866276-1773585029-842795977-1000\...\MountPoints2: {876dd4da-be4f-11dc-9f07-806e6f6e6963} - E:\setup\setup.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176408 2010-09-27] (iWin Inc.)

C:\Program Files\iWin Games

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]

U3 mbr; \??\C:\Users\SKIPAN~1\AppData\Local\Temp\mbr.sys [X]

C:\Users\Skip and Shannon\Desktop\~WRL1783.tmp

C:\Users\Skip and Shannon\AppData\Roaming\desktop.ini

C:\Users\Skip and Shannon\AppData\Local\Temp\AdobeUpdater12345.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnIC.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnStub.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnToolbarInstaller.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\AskSLib.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\bfguni.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\big_city_adventures_bundle-setup (1).exe

C:\Users\Skip and Shannon\AppData\Local\Temp\big_city_adventures_bundle-setup (2).exe

C:\Users\Skip and Shannon\AppData\Local\Temp\ConduitEngin0.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\contentDATs.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\farmscapes_96435455-setup.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\games_toolbar62B.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\games_toolbarF181.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\GLF824D.tmp.ConduitEngineSetup.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\GLF8308.tmp.tbgame.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\KUIU.EXE

C:\Users\Skip and Shannon\AppData\Local\Temp\l4f4FE8.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\nsd1924.tmp.ConduitEngineEmbbed.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\nsisdt.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\nsy1FC3.tmp.ConduitEngineEmbbed.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\ose00000.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\Setup.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\siinst.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\strings.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\tbgam0.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\tbiWi2.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\tbpreinst434A.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\tempmessage.bfg

C:\Users\Skip and Shannon\AppData\Local\Temp\Update.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\Xvid.dll

C:\Users\Skip and Shannon\AppData\Local\Temp\_is25CF.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\_is87F4.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\_isCAF.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\_isD125.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\_isF547.exe

C:\Users\Skip and Shannon\AppData\Local\Temp\_isFDB1.exe

Task: {6F6400AC-78E8-4A10-90B4-FCE851CD4D51} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2010-09-27] (iWin Inc.) <==== ATTENTION

AlternateDataStreams: C:\Users\Skip and Shannon\Downloads\RE_ Final warning....eml:OECustomProperty

End

*****************

 

HKU\S-1-5-21-2136866276-1773585029-842795977-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection => Value deleted successfully.

C:\Program Files\Gamesbar\SearchEngineProtection.exe => Moved successfully.

C:\Program Files\Gamesbar => Moved successfully.

HKU\S-1-5-21-2136866276-1773585029-842795977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{876dd4da-be4f-11dc-9f07-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{876dd4da-be4f-11dc-9f07-806e6f6e6963} => Key not found.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

iWinTrusted => Service stopped successfully.

iWinTrusted => Service deleted successfully.

C:\Program Files\iWin Games => Moved successfully.

blbdrive => Service deleted successfully.

IntcAzAudAddService => Service deleted successfully.

IpInIp => Service deleted successfully.

NwlnkFlt => Service deleted successfully.

NwlnkFwd => Service deleted successfully.

PalmUSBD => Service deleted successfully.

mbr => Service deleted successfully.

C:\Users\Skip and Shannon\Desktop\~WRL1783.tmp => Moved successfully.

C:\Users\Skip and Shannon\AppData\Roaming\desktop.ini => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\AdobeUpdater12345.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnIC.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnStub.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\ApnToolbarInstaller.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\AskSLib.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\bfguni.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\big_city_adventures_bundle-setup (1).exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\big_city_adventures_bundle-setup (2).exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\ConduitEngin0.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\contentDATs.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\farmscapes_96435455-setup.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\games_toolbar62B.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\games_toolbarF181.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\GLF824D.tmp.ConduitEngineSetup.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\GLF8308.tmp.tbgame.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\KUIU.EXE => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\l4f4FE8.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\nsd1924.tmp.ConduitEngineEmbbed.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\nsisdt.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\nsy1FC3.tmp.ConduitEngineEmbbed.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\Setup.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\siinst.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\strings.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\tbgam0.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\tbiWi2.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\tbpreinst434A.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\tempmessage.bfg => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\Update.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\Xvid.dll => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_is25CF.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_is87F4.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_isCAF.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_isD125.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_isF547.exe => Moved successfully.

C:\Users\Skip and Shannon\AppData\Local\Temp\_isFDB1.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F6400AC-78E8-4A10-90B4-FCE851CD4D51} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F6400AC-78E8-4A10-90B4-FCE851CD4D51} => Key deleted successfully.

C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.

C:\Users\Skip and Shannon\Downloads\RE_ Final warning....eml => ":OECustomProperty" ADS removed successfully.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

 

# AdwCleaner v3.020 - Report created 06/03/2014 at 10:00:49

# Updated 27/02/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Skip and Shannon - SKIPPC

# Running from : C:\Users\Skip and Shannon\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Program Files\Mozilla Firefox\.autoreg

File Found : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\user.js

File Found : C:\Windows\Downloaded Program Files\popcaploader.inf

File Found : C:\Windows\system32\conduitEngine.tmp

Folder Found : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b}

Folder Found C:\Program Files\FunWebProducts

Folder Found C:\Program Files\MyPC Backup

Folder Found C:\Program Files\MyWebSearch

Folder Found C:\Program Files\Optimizer Pro

Folder Found C:\Program Files\PC Speed Maximizer

Folder Found C:\Program Files\SearchProtect

Folder Found C:\Program Files\Whilokii

Folder Found C:\ProgramData\Conduit

Folder Found C:\ProgramData\GamesBar

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar

Folder Found C:\ProgramData\ParetoLogic

Folder Found C:\ProgramData\Trymedia

Folder Found C:\Users\Skip and Shannon\AppData\Local\Conduit

Folder Found C:\Users\Skip and Shannon\AppData\LocalLow\Conduit

Folder Found C:\Users\Skip and Shannon\AppData\LocalLow\FunWebProducts

Folder Found C:\Users\Skip and Shannon\AppData\LocalLow\MyWebSearch

Folder Found C:\Users\Skip and Shannon\AppData\LocalLow\PriceGong

Folder Found C:\Users\Skip and Shannon\AppData\Roaming\DriverCure

Folder Found C:\Users\Skip and Shannon\AppData\Roaming\ParetoLogic

Folder Found C:\Users\Skip and Shannon\AppData\Roaming\PC Speed Maximizer

Folder Found C:\Users\Skip and Shannon\AppData\Roaming\SearchProtect

Folder Found C:\Users\Skip and Shannon\AppData\Roaming\Systweak

Folder Found C:\Users\Skip and Shannon\Documents\Optimizer Pro

Folder Found C:\Users\Skip and Shannon\Documents\PC Speed Maximizer

Folder Found C:\Users\SKIPAN~1\AppData\Local\Temp\Conduit

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Found : HKCU\Software\AppDataLow\Software\Toolbar

Key Found : HKCU\Software\gamesbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Found : HKCU\Software\ParetoLogic

Key Found : HKCU\Software\systweak

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

Key Found : HKLM\SOFTWARE\Classes\oberontb.band

Key Found : HKLM\SOFTWARE\Classes\oberontb.band.1

Key Found : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO

Key Found : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO.1

Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2

Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2528058

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\FocusInteractive

Key Found : HKLM\Software\Fun Web Products

Key Found : HKLM\Software\gamesbar

Key Found : HKLM\Software\GamesBarSetup

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar

Key Found : HKLM\Software\MyWebSearch

Key Found : HKLM\Software\ParetoLogic

Key Found : HKLM\Software\systweak

Key Found : HKLM\Software\Trymedia Systems

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16533

 

 

-\\ Mozilla Firefox v3.5.7 (en-GB)

 

[ File : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\prefs.js ]

 

Line Found : user_pref("aol_toolbar.surf.date", "4");

Line Found : user_pref("aol_toolbar.surf.lastDate", "5");

Line Found : user_pref("aol_toolbar.surf.lastMonth", "8");

Line Found : user_pref("aol_toolbar.surf.lastYear", "2011");

Line Found : user_pref("aol_toolbar.surf.month", "4");

Line Found : user_pref("aol_toolbar.surf.prevMonth", "0");

Line Found : user_pref("aol_toolbar.surf.total", "4");

Line Found : user_pref("aol_toolbar.surf.week", "4");

Line Found : user_pref("aol_toolbar.surf.year", "4");

Line Found : user_pref("extensions.gamesbar.pogous.config.file", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<root> \r\n  <element name=\"toolbarbutton\"> \r\n    <attribute> \r\n      <id entity=\"omGamesBarCh[...]

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Skip and Shannon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [9048 octets] - [06/03/2014 10:00:49]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9108 octets] ##########

 

 

# AdwCleaner v3.020 - Report created 06/03/2014 at 10:19:35

# Updated 27/02/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Skip and Shannon - SKIPPC

# Running from : C:\Users\Skip and Shannon\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\GamesBar

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar

Folder Deleted : C:\Program Files\FunWebProducts

Folder Deleted : C:\Program Files\MyPC Backup

Folder Deleted : C:\Program Files\MyWebSearch

Folder Deleted : C:\Program Files\Optimizer Pro

Folder Deleted : C:\Program Files\PC Speed Maximizer

Folder Deleted : C:\Program Files\SearchProtect

Folder Deleted : C:\Program Files\Whilokii

Folder Deleted : C:\Users\Skip and Shannon\AppData\Local\Conduit

Folder Deleted : C:\Users\SKIPAN~1\AppData\Local\Temp\Conduit

Folder Deleted : C:\Users\Skip and Shannon\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Skip and Shannon\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Skip and Shannon\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Skip and Shannon\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\ParetoLogic

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\PC Speed Maximizer

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\SearchProtect

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Skip and Shannon\Documents\Optimizer Pro

Folder Deleted : C:\Users\Skip and Shannon\Documents\PC Speed Maximizer

Folder Deleted : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b}

File Deleted : C:\END

File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf

File Deleted : C:\Windows\system32\conduitEngine.tmp

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

File Deleted : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band

Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band.1

Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO

Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO.1

Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2

Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2528058

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]

Key Deleted : HKCU\Software\gamesbar

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\FocusInteractive

Key Deleted : HKLM\Software\Fun Web Products

Key Deleted : HKLM\Software\gamesbar

Key Deleted : HKLM\Software\GamesBarSetup

Key Deleted : HKLM\Software\MyWebSearch

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16533

 

 

-\\ Mozilla Firefox v3.5.7 (en-GB)

 

[ File : C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.surf.date", "4");

Line Deleted : user_pref("aol_toolbar.surf.lastDate", "5");

Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "8");

Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");

Line Deleted : user_pref("aol_toolbar.surf.month", "4");

Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");

Line Deleted : user_pref("aol_toolbar.surf.total", "4");

Line Deleted : user_pref("aol_toolbar.surf.week", "4");

Line Deleted : user_pref("aol_toolbar.surf.year", "4");

Line Deleted : user_pref("extensions.gamesbar.pogous.config.file", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<root> \r\n  <element name=\"toolbarbutton\"> \r\n    <attribute> \r\n      <id entity=\"omGamesBarCh[...]

 

-\\ Google Chrome v33.0.1750.146

 

[ File : C:\Users\Skip and Shannon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [9188 octets] - [06/03/2014 10:00:49]

AdwCleaner[s0].txt - [9386 octets] - [06/03/2014 10:19:35]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9446 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows Vista Home Premium x86

Ran by Skip and Shannon on 06/03/2014 at 10:50:02.85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFDD6B4A-6E5E-4D99-B52F-B03BDB3C05EE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CFDD6B4A-6E5E-4D99-B52F-B03BDB3C05EE}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\big fish"

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

Successfully deleted: [Folder] "C:\Users\Skip and Shannon\appdata\local\big fish"

Successfully deleted: [Folder] "C:\Users\Skip and Shannon\appdata\local\big fish games"

Successfully deleted: [Folder] "C:\Users\Skip and Shannon\appdata\local\cre"

Successfully deleted: [Folder] "C:\bigfishcache"

 

 

 

~~~ FireFox

 

Successfully deleted: [Folder] C:\Users\Skip and Shannon\AppData\Roaming\mozilla\firefox\profiles\cshqoc4z.default\extensions\staged

Successfully deleted the following from C:\Users\Skip and Shannon\AppData\Roaming\mozilla\firefox\profiles\cshqoc4z.default\prefs.js

 

user_pref("gamescom_toolbar.search.searchtype", "web");

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/

Emptied folder: C:\Users\Skip and Shannon\AppData\Roaming\mozilla\firefox\profiles\cshqoc4z.default\minidumps [6 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 06/03/2014 at 10:58:44.07

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.06.06

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Skip and Shannon :: SKIPPC [administrator]

 

Protection: Enabled

 

06/03/2014 11:02:05 AM

mbam-log-2014-03-06 (11-02-05).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 274557

Time elapsed: 25 minute(s), 44 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Ok, ignore my claim about pop-ups and floating ads no longer being a problem :S They are back, covering my screen, very hard to get work done...grrrr. Not easily closed without whole new screens opening, linking to dangerous sites, then the MBAM pop-ups are there telling me they have averted them :P

 

Ads are mostly from 'AdChoices'....

 

Shannon


We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

copy and paste the report in next reply

 

Also give an update on any remaining issues or concerns...

 

Kevin


Hi Kevin...multiple threats found (and ads and browser crashes continue :( ...

 

Here is ESET scan:

 

 

C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/FunWeb potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\ApnIC.dll06-03-2014_09-31-03 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\ApnToolbarInstaller.exe06-03-2014_09-31-03 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\AskSLib.dll06-03-2014_09-31-03 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\ConduitEngin0.dll06-03-2014_09-31-05 a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\GLF8308.tmp.tbgame.dll06-03-2014_09-31-11 a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\tbgam0.dll06-03-2014_09-31-19 a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\tbiWi2.dll06-03-2014_09-31-20 a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Public\Downloads\BookwormAdventuresSetup-dm[1].exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000 (1).exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\zoek_backup\C_PROGRA~2_iekjjiipmicaagpjjihphaplncejombp\yHME.js Win32/Adware.MultiPlug.H application
C:\zoek_backup\C_Users_Guest_AppData_Roaming_Mozilla_Firefox_Profiles_h37pxx1n.default_extensions_staged\4spcz.eie@awahoeieooz.org\content\bg.js Win32/Adware.MultiPlug.H application
C:\zoek_backup\C_Users_Guest_AppData_Roaming_Mozilla_Firefox_Profiles_h37pxx1n.default_extensions_staged\cluuaaq@ieeeio.co.uk\content\bg.js Win32/Adware.MultiPlug.H application
C:\zoek_backup\C_Users_Skip and Shannon_AppData_Local_Google_Chrome_User Data_Default_Extensions_lnjeclmeoipjgfogpnhgceppebdaoajn\8.3\YCuRZ3He.js Win32/Adware.MultiPlug.H application

Do not worry about late reply, we all have bad days.....

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Re-run Zoek (accept UAC). The following window will open:


Zoekb.jpg


Copy and paste the following script from the code box and paste into the field.

 

C:\Users\Public\Downloads\BookwormAdventuresSetup-dm[1].exe;fs
C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000 (1).exe;fs
C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000.exe;fs
autoclean;
emptyclsid;
CHRdefaults;

Select the "Run Script" tab. The following window will open:



Zoekc.jpg



Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to reboot your PC; if so, please do.

Zoekf.jpg

Post the produced log in your next reply, also give an update on any remaining issues or concerns.

 

Kevin


Ok, will have to do above after I do some critical homework, this is the first I've been able to get onto my school's learning platform without tons of pop up ads covering content and google crashing. I have to take advantage of this for a bit.

 

Once I get some work done, then I will re-run the Zoek scan (unless problems crop up again..)...thank you!

 

S


Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Skip and Shannon on 13/03/2014 at  7:57:34.06.

Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Skip and Shannon\Desktop\Computer Fixes\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2014-03-06-182850.log 83764 bytes

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Public\Downloads\BookwormAdventuresSetup-dm[1].exe deleted

C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000 (1).exe deleted

C:\Users\Skip and Shannon\Downloads\IWONSetup2.3.76.6.ZLman000.exe deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{98e34367-8df7-42b4-837b-20b892ff0849}"="C:\ProgramData\iWin Games\firefox" [27/02/2011 02:45 PM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\h37pxx1n.default

- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

 

ProfilePath: C:\Users\SKIPAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default

- Google Toolbar for Firefox - C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

- Microsoft .NET Framework Assistant - C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Default Manager - %ProfilePath%\extensions\DefaultManager@Microsoft

- Oberon GamesBar - %ProfilePath%\extensions\gamesbar@oberon-media.com

- ArcadeFrontier - %ProfilePath%\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

- Games.com Toolbar - %ProfilePath%\extensions\{493b4069-8c4f-4b4a-8f8c-506200c9887a}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Skip and Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\cshqoc4z.default

2A30D4B6319A69C82DEF52CB3672ECEB - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll - Java Deployment Toolkit 6.0.150.3

E6D398A00E170FD0CF97C71EA47D1758 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U18

E1A5648FAC691779CE40B93F76147207 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll - RIM Handheld Application Loader

7BFADF4E537F78BD70FF62B5B4F5B155 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll - RealNetworks Rhapsody Player Engine

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

24D72BBBB64487AF7CB32B2D8DA03CE5 - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In

3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

603EEEFCB32003955535EF9418C87BC9 - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll - Oberon com adapter

419680FCE774976FD752EB425D91AEDF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

DE5507DBA44CC5B6869205871B64A587 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

2DA7883A884BE60F9EB2810F67E0E361 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

BB28A86CDFFFBB041C72AD9EFEAA00D0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

16112E74A62381C69456566D35F9E51E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

BB7F5F4966E76578A3EC0D11C444C545 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

 

 

==== Chrome Look ======================

 

SiteAdvisor - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

 

==== Reset Google Chrome ======================

 

C:\Users\Skip and Shannon\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Skip and Shannon\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2136866276-1773585029-842795977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Empty IE Cache ======================

 

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Skip and Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Skip and Shannon\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Skip and Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\h37pxx1n.default\Cache emptied successfully

C:\Users\Skip and Shannon\AppData\Local\Mozilla\Firefox\Profiles\cshqoc4z.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Skip and Shannon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=358 folders=134 45053330 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Guest\AppData\Local\Temp emptied successfully

C:\Users\Skip and Shannon\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\SKIPAN~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\Skip and Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

 

==== EOF on 13/03/2014 at 19:29:25.23 ======================