
scamware and redirects



Hello.

 

A friend said he had "pop-ups" on his laptop and I said I'd take a look at it.  I figured he meant browser pop-ups but I guess he meant various chat pop-ups cause I'm seeing them constantly.  Looking at the desktop shortcuts alone I see several rogue programs.  The browsers are loaded with toolbars and untrusted extensions, Chrome will not work at all, and Internet settings won't stay the way I set them. I think this guy has clicked literally every scamware pop-up he's ever seen.  I wanted to uninstall MSE in favor of Avast, especially since I really can't trust anything on this laptop, but thought maybe it would be better to wait until the system is clean.  I'd appreciate any help you can give me. ^_^

 

 

 

It appears that I can't paste into the reply box for some reason.

FRST.txt

Addition.txt


Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM



Had to run RK a few times.  Kept giving me incomplete logs

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Computer [Admin rights]

Mode : Scan -- Date : 04/26/2014 09:30:21

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] TorchCrashHandler.exe -- C:\Users\Computer\AppData\Local\Torch\Update\TorchCrashHandler.exe [-] -> KILLED [TermProc]

[sUSP PATH] YontooDesktop.exe -- C:\Users\Computer\AppData\Roaming\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]

[sUSP PATH] Viber.exe -- C:\Users\Computer\AppData\Local\Viber\Viber.exe [7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 22 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Computer\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\Computer\AppData\Local\Viber\Viber.exe" StartMinimized [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-89018619-342231679-3100981395-1000\[...]\Run : Yontoo Desktop ("C:\Users\Computer\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-89018619-342231679-3100981395-1000\[...]\Run : Viber ("C:\Users\Computer\AppData\Local\Viber\Viber.exe" StartMinimized [7]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:3128 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[PROXY IE][PUM] HKLM\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:3128 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[PROXY IE][PUM] HKLM\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[iFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND

[iFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][sUSP PATH] Updater26278.exe : C:\Users\Computer\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 1 ¤¤¤

[CHR][PUP] Default : Torch Share

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤


 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : PUP ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

54.221.22.25 ojbalidmphhoopheigckkcpldegcohhe

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3263GSX ATA Device +++++

--- User ---

[MBR] d52dc4479c375f532212bc93b041f2d0

[bSP] eacd6cd9bbe6d4f6ed0af8283e69df12 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 MB

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_04262014_093020.txt >>

RKreport[0]_S_04262014_084432.txt

 

 

 


I see you don't have Malwarebytes installed, please download and install it:
http://www.malwarebytes.org/mwb-download/
Don't run it yet.

------------------------------

Next:

Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ---------------------------------

    Next:

    Please uninstall these from your Programs and Features: (If possible)
    I would suggest you download and install Revo Uninstaller Free to aid in the uninstalling:

    Please download and install Revo Uninstaller Free
    http://www.revouninstaller.com/start_freeware_download.html
    Double click Revo Uninstaller to run it.
    From the list of programs double click on The Program to remove
    When prompted if you want to uninstall click Yes.
    Be sure the Moderate option is selected then click Next.
    The program will run, If prompted again click Yes
    when the built-in uninstaller is finished click on Next.
    Once the program has searched for leftovers click Next.
    Check/tick the bolded items only on the list then click Delete
    when prompted click on Yes and then on next.
    put a check on any folders that are found and select delete
    when prompted select yes then on next
    Once done click Finish.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    All of these must be uninstalled:

    Advanced System Protector
    Ask Shopping Toolbar
    Ask Toolbar
    BrowserSafeguard with RocketTab
    Delta Chrome Toolbar  
    Delta toolbar 
    Iminent 
    LessTabs 
    LPT System Updater Service 
    Lyrics On 
    MixiDJ V30 Toolbar 
    MyPC Backup 
    Movies Toolbar for Chrome
    Movies Toolbar for Internet Explorer
    Optimizer Pro v3.1 
    PriceGong 2.6.11 
    PC Fix Speed
    RegClean Pro 
    Search Protect 
    Snap.Do
    Snap.Do Engine
    Solid Savings 
    SpeedUpMyPC 
    Torch 
    Vgrabber v1 Toolbar 
    Vgrabber v1.5 Toolbar 
    Wajam 
    Yontoo 2.053 


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Next:

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    ------------------------------------------------------

    Last:

    For Malwarebytes 2.0, please run a Threat Scan
    Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine all that's found
    Post the log

    MrC

Actually I installed and ran Malwarebytes before running RK.  It had over 3000 detections, but I keep getting MBAM pop-ups about PUP's being blocked even though they're supposed to be quarantined.  I exported a log to the Documents folder and it comes up in searches but Windows can't find it, and it's not in the folder.   :huh:

 

I'll go on with Delfix after work.


I've uninstalled about half the programs so far,  though many are getting "uninstaller failed" errors.   

 

About Torch...is it that it's corrupted on this laptop, or is it a bad browser to have in general?  I thought about installing it on my own laptop as I've tried it before and kinda liked it.  But if it's unsafe....


  # AdwCleaner v3.204 - Report created 26/04/2014 at 19:34:47

# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Computer - COMPUTER-PC
# Running from : C:\Users\Computer\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files\Bench
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Computer\AppData\Local\Conduit
Folder Deleted : C:\Users\Computer\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Computer\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Computer\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Computer\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Computer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Computer\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Computer\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Computer\AppData\LocalLow\iac
Folder Deleted : C:\Users\Computer\AppData\LocalLow\MixiDJ_V30
Folder Deleted : C:\Users\Computer\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Computer\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Computer\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Computer\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Computer\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Computer\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [lyricson@lyricson.net]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jiekonljbeipfklhchhdjddejaennfnl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oalifdbckgeckmcjidkfgiikhpcdbdah
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF43EF1-6EDD-4250-9386-3C8DD27CE942}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EF43EF1-6EDD-4250-9386-3C8DD27CE942}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{078112F1-F6FA-4DE3-97D7-8FF5FB0DA7B8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{078112F1-F6FA-4DE3-97D7-8FF5FB0DA7B8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4345F2AE-CDD5-4416-8F78-17E11B08B4B3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4345F2AE-CDD5-4416-8F78-17E11B08B4B3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4D7583D-F78A-45A7-AFB4-C3AED5A73363}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D7583D-F78A-45A7-AFB4-C3AED5A73363}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\532ddd0b16ee945
Key Deleted : HKLM\SOFTWARE\532ddd0b16ee945
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3307181
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\movies~1\datamngr\mgrldr.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45
Key Deleted : HKLM\Software\Classes\Installer\Features\EB8E7C929DBF19D4CBF44B077C815D45
Key Deleted : HKLM\Software\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [30433 octets] - [26/04/2014 19:32:16]
AdwCleaner[s0].txt - [30565 octets] - [26/04/2014 19:34:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [30626 octets] ##########
 
 
Going on with MBAM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014

Ran by Computer at 2014-04-27 13:14:10

Running from C:\Users\Computer\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

iTunes (HKLM\...\{47C6C88F-FA95-49C8-B57D-5C5F093738E1}) (Version: 11.0.2.25 - Apple Inc.)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Paltalk Messenger  10.4 (HKLM\...\Paltalk Messenger) (Version: 10.4.0 - AVM Software Inc.)

Paltalk Messenger Interop (HKLM\...\Paltalk Messenger Interop) (Version:  - )

PasswordBox (HKLM\...\PasswordBox) (Version: 1.28.0.3004 - PasswordBox, Inc.)

Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)

Retrogamer toolbar Chrome Extension (HKLM\...\Retrogamer_4w Chrome Extension Uninstall) (Version:  - Mindspark Interactive Network)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Safe Monitor (HKLM\...\SafeMonitor) (Version: 2.6.17 - WebAppTech Coding, LLC)

Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)

Spotflux Lite (HKLM\...\Spotflux Lite 1.0) (Version: 1.0 - Spotflux)

Spotflux Lite (Version: 1.0 - Spotflux) Hidden

sunuradiotv (HKLM\...\{E5E2F1CC-52F3-41BD-A1B4-7A730B2D35D7}) (Version: 10.9.13 - sunugraf)

Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

 

==================== Restore Points  =========================

 

26-04-2014 10:00:16 Windows Update

26-04-2014 10:01:57 Installed HiJackThis

26-04-2014 17:25:38 Windows Update

26-04-2014 19:43:46 Revo Uninstaller Pro's restore point - Actual Click Shopping

26-04-2014 19:47:31 Revo Uninstaller Pro's restore point - Camfrog Video Chat 6.5

26-04-2014 19:50:48 Revo Uninstaller Pro's restore point - Delta Chrome Toolbar

26-04-2014 19:52:22 Revo Uninstaller Pro's restore point - Delta toolbar  

26-04-2014 19:54:38 Revo Uninstaller Pro's restore point - Disk Speedup

26-04-2014 19:56:26 Revo Uninstaller Pro's restore point - DriverScanner

26-04-2014 19:58:33 Revo Uninstaller Pro's restore point - Free Mp3 Wma Converter V 2.2

26-04-2014 20:01:27 Windows Update

26-04-2014 23:29:17 Revo Uninstaller Pro's restore point - Iminent

26-04-2014 23:36:17 Revo Uninstaller Pro's restore point - MixiDJ V30 Toolbar

27-04-2014 00:47:40 Revo Uninstaller Pro's restore point - MyPC Backup 

27-04-2014 00:53:15 Revo Uninstaller Pro's restore point - Norton Security Scan

27-04-2014 00:57:59 Revo Uninstaller Pro's restore point - Optimizer Pro v3.1

27-04-2014 01:02:50 Revo Uninstaller Pro's restore point - Search Protect

27-04-2014 01:05:18 Revo Uninstaller Pro's restore point - SpeedUpMyPC

27-04-2014 01:07:02 Revo Uninstaller Pro's restore point - Vgrabber v1 Toolbar

27-04-2014 01:12:15 Revo Uninstaller Pro's restore point - Vgrabber v1.5 Toolbar

27-04-2014 01:18:40 Revo Uninstaller Pro's restore point - Video Downloader

27-04-2014 01:25:59 Revo Uninstaller Pro's restore point - Yontoo 2.053

27-04-2014 01:29:16 Revo Uninstaller Pro's restore point - Yahoo! Toolbar

27-04-2014 01:33:54 Revo Uninstaller Pro's restore point - Ask Shopping Toolbar

27-04-2014 01:37:48 Revo Uninstaller Pro's restore point - Ask Toolbar

27-04-2014 01:40:14 Revo Uninstaller Pro's restore point - Snap.Do

27-04-2014 01:44:22 Revo Uninstaller Pro's restore point - Snap.Do Engine

27-04-2014 01:45:25 Revo Uninstaller Pro's restore point - Torch

27-04-2014 01:55:28 Revo Uninstaller Pro's restore point - Advance System Protector

27-04-2014 01:56:32 Revo Uninstaller Pro's restore point - Browser Safeguard

27-04-2014 01:57:31 Revo Uninstaller Pro's restore point - Iminent

27-04-2014 01:58:18 Revo Uninstaller Pro's restore point - Less Tabs

27-04-2014 01:59:39 Revo Uninstaller Pro's restore point - LTP System Updater

27-04-2014 02:01:18 Revo Uninstaller Pro's restore point - LyricsOn

27-04-2014 02:02:38 Revo Uninstaller Pro's restore point - movie toolbar

27-04-2014 02:03:19 Revo Uninstaller Pro's restore point - Price Gong

27-04-2014 02:04:39 Revo Uninstaller Pro's restore point - pc fix speed

27-04-2014 02:05:53 Revo Uninstaller Pro's restore point - regcleanpro

27-04-2014 02:07:40 Revo Uninstaller Pro's restore point - solid savings

27-04-2014 02:08:49 Revo Uninstaller Pro's restore point - wajam

27-04-2014 08:08:16 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 19:04 - 2014-04-11 07:59 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts

54.221.22.25 ojbalidmphhoopheigckkcpldegcohhe

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {11058DA5-8205-41EB-89E2-80C4CC9B88A9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2134A2CE-B65F-46E9-A674-E266CC77B8C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09] (Google Inc.)

Task: {2FB04C9F-D761-4664-9FB2-126189E4398D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09] (Google Inc.)

Task: {381AB716-4740-4DD2-A518-A2FCB6BE30A0} - System32\Tasks\Updater26278.exe => C:\Users\Computer\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION

Task: {499DBAA8-EADB-422D-99B5-5414234B2C7C} - System32\Tasks\SpotfluxLite => C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteClient.exe [2014-02-17] (Spotflux)

Task: {69C2D8B4-1400-43A9-8473-8B0C765FBB88} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION

Task: {71140E49-EEB3-4B08-9417-77F3A02EF827} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000UA => C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-19] (Facebook Inc.)

Task: {8F261243-C978-462B-8FB1-DDDCF8DA3FAF} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION

Task: {96C0D244-8835-4442-9B2D-E8FEE15E1C4A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000Core => C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-19] (Facebook Inc.)

Task: {9D4F4ECF-934C-4C64-99DD-AEE69DA81E06} - System32\Tasks\{5FA1E07F-154D-4916-B161-227E7F2D6160} => Iexplore.exe http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603

Task: {E87D88C2-62F4-4E88-8773-FABA96023F9B} - System32\Tasks\spotfluxupdater => C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe [2014-02-17] (Spotflux)

Task: {F1304574-8004-4FFC-AE7D-14FD342641F3} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000Core.job => C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000UA.job => C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SpotfluxLite.job => C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteClient.exe

Task: C:\Windows\Tasks\spotfluxupdater.job => C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe

 

==================== Loaded Modules (whitelisted) =============

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: APNMCP => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: PasswordBox => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: SpotfluxUpdate => 3

MSCONFIG\Services: stunnel => 2

MSCONFIG\Services: TorchCrashHandler => 2

MSCONFIG\Services: YahooAUService => 2

MSCONFIG\startupfolder: C:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup

MSCONFIG\startupreg: AGupdate => C:\Program Files\AppGraffiti\AGupdate.exe

MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Bench Communicator Watcher => C:\Program Files\Bench\Proxy\pwdg.exe

MSCONFIG\startupreg: Bench Settings Cleaner => C:\Program Files\Bench\Proxy\cl.exe

MSCONFIG\startupreg: Camfrog => "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

MSCONFIG\startupreg: Facebook Update => "C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: InboxToolbar => "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe

MSCONFIG\startupreg: PC Optimizer Pro => "C:\Program Files\PC Optimizer Pro\StartApps.exe" -s

MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup

MSCONFIG\startupreg: RebateInformer => C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP

MSCONFIG\startupreg: RunIt => "C:\Program Files\Mozilla Firefox\firefox.exe" about:newaddon?id={64d64833-9296-421b-a362-83cfbd6291b6}

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: sunuradiotv => C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe

MSCONFIG\startupreg: Viber => "C:\Users\Computer\AppData\Local\Viber\Viber.exe" StartMinimized

MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Computer\AppData\Roaming\Yontoo\YontooDesktop.exe"

 

==================== Faulty Device Manager Devices =============

 

Name: MpKsl0a90645f

Description: MpKsl0a90645f

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKsl0a90645f

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/27/2014 01:12:00 PM) (Source: Application Error) (User: )

Description: Faulting application name: SpotfluxLiteService.exe, version: 1.0.0.0, time stamp: 0x52f30741

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb10c6

Exception code: 0xe0434352

Fault offset: 0x0000812f

Faulting process id: 0x494

Faulting application start time: 0xSpotfluxLiteService.exe0

Faulting application path: SpotfluxLiteService.exe1

Faulting module path: SpotfluxLiteService.exe2

Report Id: SpotfluxLiteService.exe3

 

Error: (04/27/2014 01:11:48 PM) (Source: .NET Runtime) (User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.ChromeThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/27/2014 01:09:36 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.3.0.105.msi

 

Error: (04/26/2014 07:39:08 PM) (Source: Application Error) (User: )

Description: Faulting application name: SpotfluxLiteService.exe, version: 1.0.0.0, time stamp: 0x52f30741

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb10c6

Exception code: 0xe0434352

Fault offset: 0x0000812f

Faulting process id: 0x7f4

Faulting application start time: 0xSpotfluxLiteService.exe0

Faulting application path: SpotfluxLiteService.exe1

Faulting module path: SpotfluxLiteService.exe2

Report Id: SpotfluxLiteService.exe3

 

Error: (04/26/2014 07:38:39 PM) (Source: .NET Runtime) (User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.FirefoxThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/26/2014 07:20:00 PM) (Source: Application Error) (User: )

Description: Faulting application name: SpotfluxLiteService.exe, version: 1.0.0.0, time stamp: 0x52f30741

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb10c6

Exception code: 0xe0434352

Fault offset: 0x0000812f

Faulting process id: 0x59c

Faulting application start time: 0xSpotfluxLiteService.exe0

Faulting application path: SpotfluxLiteService.exe1

Faulting module path: SpotfluxLiteService.exe2

Report Id: SpotfluxLiteService.exe3

 

Error: (04/26/2014 07:19:39 PM) (Source: .NET Runtime) (User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.FirefoxThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/26/2014 05:41:43 PM) (Source: Application Hang) (User: )

Description: The program MyPC Backup.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: fe4

 

Start Time: 01cf61a6d42fdd8e

 

Termination Time: 31

 

Application Path: C:\Program Files\MyPC Backup\MyPC Backup.exe

 

Report Id:

 

Error: (04/26/2014 04:29:11 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {65a946c6-ea97-4b3c-b620-17c0e5fa4a31}

 

Error: (04/26/2014 04:26:45 PM) (Source: Application Error) (User: )

Description: Faulting application name: SpotfluxLiteService.exe, version: 1.0.0.0, time stamp: 0x52f30741

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb10c6

Exception code: 0xe0434352

Fault offset: 0x0000812f

Faulting process id: 0x814

Faulting application start time: 0xSpotfluxLiteService.exe0

Faulting application path: SpotfluxLiteService.exe1

Faulting module path: SpotfluxLiteService.exe2

Report Id: SpotfluxLiteService.exe3

 

 

System errors:

=============

Error: (04/27/2014 01:12:02 PM) (Source: Service Control Manager) (User: )

Description: The Spotflux Lite service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/27/2014 01:09:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).

 

Error: (04/26/2014 07:39:21 PM) (Source: Service Control Manager) (User: )

Description: The Spotflux Lite service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/26/2014 07:20:14 PM) (Source: Service Control Manager) (User: )

Description: The Spotflux Lite service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/26/2014 05:49:12 PM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/26/2014 04:27:37 PM) (Source: Service Control Manager) (User: )

Description: The Spotflux Lite service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/26/2014 01:02:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).

 

Error: (04/26/2014 00:27:05 PM) (Source: Service Control Manager) (User: )

Description: The Spotflux Lite service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/26/2014 10:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).

 

Error: (04/26/2014 09:09:35 AM) (Source: Service Control Manager) (User: )

Description: The Torch Crash Handler service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (04/27/2014 01:12:00 PM) (Source: Application Error)(User: )

Description: SpotfluxLiteService.exe1.0.0.052f30741KERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812f49401cf62545e682835C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exeC:\Windows\system32\KERNELBASE.dll302506a6-ce48-11e3-b8fd-00266ccaf370

 

Error: (04/27/2014 01:11:48 PM) (Source: .NET Runtime)(User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.ChromeThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/27/2014 01:09:36 AM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.3.0.105.msi(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/26/2014 07:39:08 PM) (Source: Application Error)(User: )

Description: SpotfluxLiteService.exe1.0.0.052f30741KERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812f7f401cf61c1ac324998C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exeC:\Windows\system32\KERNELBASE.dll1aadcadd-cdb5-11e3-8a96-00266ccaf370

 

Error: (04/26/2014 07:38:39 PM) (Source: .NET Runtime)(User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.FirefoxThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/26/2014 07:20:00 PM) (Source: Application Error)(User: )

Description: SpotfluxLiteService.exe1.0.0.052f30741KERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812f59c01cf61bef3f03a8fC:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exeC:\Windows\system32\KERNELBASE.dll6e6ec01e-cdb2-11e3-9839-00266ccaf370

 

Error: (04/26/2014 07:19:39 PM) (Source: .NET Runtime)(User: )

Description: Application: SpotfluxLiteService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileLoadException

Stack:

   at LocalPolicy.COM.IGroupPolicyObject.OpenLocalMachineGPO(UInt32)

   at LocalPolicy.ComputerGroupPolicyObject+<>c__DisplayClass2.<.ctor>b__0()

   at LocalPolicy.GroupPolicyObject.trycatch(System.Func`1<UInt32>, System.String, System.Object[])

   at LocalPolicy.ComputerGroupPolicyObject..ctor(LocalPolicy.GroupPolicyObjectSettings)

   at SpotfluxLiteWCF.Proxies.FirefoxThreadMethod()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.runTryCode(System.Object)

   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

 

Error: (04/26/2014 05:41:43 PM) (Source: Application Hang)(User: )

Description: MyPC Backup.exe1.0.0.0fe401cf61a6d42fdd8e31C:\Program Files\MyPC Backup\MyPC Backup.exe

 

Error: (04/26/2014 04:29:11 PM) (Source: VSS)(User: )

Description: 0x80070005, Access is denied.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {65a946c6-ea97-4b3c-b620-17c0e5fa4a31}

 

Error: (04/26/2014 04:26:45 PM) (Source: Application Error)(User: )

Description: SpotfluxLiteService.exe1.0.0.052f30741KERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812f81401cf61a6be2fe5cbC:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exeC:\Windows\system32\KERNELBASE.dll3adfe7a7-cd9a-11e3-8771-00266ccaf370

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 43%

Total physical RAM: 2662.87 MB

Available physical RAM: 1499.57 MB

Total Pagefile: 5324.02 MB

Available Pagefile: 4077.19 MB

Total Virtual: 2047.88 MB

Available Virtual: 1932.81 MB

 

==================== Drives ================================

 

Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:166.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2B538AD9)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

 

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014

Ran by Computer (administrator) on COMPUTER-PC on 27-04-2014 13:11:35

Running from C:\Users\Computer\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Spotflux) C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteClient.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft) C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-22] (Microsoft Corporation)

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: http=127.0.0.1:3128

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB2B2172DA51CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

URLSearchHook: HKLM - (No Name) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} -  No File

URLSearchHook: HKLM - (No Name) - {73507124-6acd-43aa-b749-c3bcfefbea97} -  No File

URLSearchHook: HKCU - (No Name) - {e8beb6bf-6824-492f-8ea4-6da0b026e9a8} - C:\Program Files\YourVideoChat_86\bar\1.bin\86SrcAs.dll No File

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10649&apn_ptnrs=AGA&q={searchTerms}

BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO: No Name - {73507124-6acd-43aa-b749-c3bcfefbea97} -  No File

BHO: No Name - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} -  No File

Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

Toolbar: HKCU - No Name - {434D472D-5636-006A-76A7-7A786E7484D7} -  No File

Toolbar: HKCU - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File

Toolbar: HKCU - No Name - {504C5456-352D-5341-5400-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {73507124-6ACD-43AA-B749-C3BCFEFBEA97} -  No File


Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: 54.221.22.25 ojbalidmphhoopheigckkcpldegcohhe

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Computer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\YourVideoChat_86\bar\1.bin\NP86Stub.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Computer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

CHR Extension: (Movies Toolbar) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaifmhgonleehnkppkhhchcbhhigac [2014-04-26]

CHR Extension: (Allin1Convert) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epikbiglahnndfidencpcjhnefnmooeg [2014-03-18]

CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

CHR HKLM\...\Chrome\Extension: [aaaaifmhgonleehnkppkhhchcbhhigac] - C:\Users\Computer\AppData\Local\koyotesoftmoviestoolbar\GC\toolbar.crx [2013-06-25]

CHR HKCU\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Computer\AppData\Local\Temp\CT3307181.crx [2013-06-25]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

S4 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-05-16] (PasswordBox, Inc.)

S2 SpotfluxLiteService.exe; C:\Program Files\Spotflux\Spotflux Lite\SpotfluxLiteService.exe [19312 2014-02-17] (Microsoft)

S4 SpotfluxUpdate; C:\Program Files\Spotflux\Spotflux Lite\Spotflux Updates.exe [368496 2014-02-17] (Spotflux)

S4 stunnel; C:\Program Files\Spotflux\Spotflux Lite\tunnel\stunnel.exe [110448 2014-02-17] (Michal Trojnara)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-27] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [765072 2012-06-19] (Realtek Semiconductor Corporation                           )

U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-26] ()

S1 dtewsphb; \??\C:\Windows\system32\drivers\dtewsphb.sys [X]

S1 MpKsl0a90645f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7218336D-7162-4140-A853-36D0ACA85C11}\MpKsl0a90645f.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-27 13:11 - 2014-04-27 13:11 - 00000000 ____D () C:\Users\Computer\Desktop\FRST-OlderVersion

2014-04-26 22:18 - 2014-04-26 22:18 - 00000238 _____ () C:\Users\Computer\Documents\eset.txt

2014-04-26 19:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-04-26 19:32 - 2014-04-26 19:35 - 00000000 ____D () C:\AdwCleaner

2014-04-26 19:29 - 2014-04-26 19:31 - 01329501 _____ () C:\Users\Computer\Desktop\AdwCleaner.exe

2014-04-26 17:51 - 2014-04-26 17:51 - 00000000 ____D () C:\Windows\pss

2014-04-26 12:38 - 2014-04-26 12:39 - 00000266 _____ () C:\DelFix.txt

2014-04-26 12:38 - 2014-04-26 12:38 - 00000000 ____D () C:\Windows\ERUNT

2014-04-26 12:36 - 2014-04-26 12:37 - 00707006 _____ () C:\Users\Computer\Desktop\delfix.exe

2014-04-26 09:30 - 2014-04-26 09:30 - 00030404 _____ () C:\Users\Computer\Desktop\RKreport[0]_S_04262014_093020.txt

2014-04-26 08:46 - 2014-04-26 08:46 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps

2014-04-26 08:44 - 2014-04-26 08:44 - 00024318 _____ () C:\Users\Computer\Desktop\RKreport[0]_S_04262014_084432.txt

2014-04-26 08:34 - 2014-04-26 09:10 - 00026624 _____ () C:\Windows\system32\TrueSight.sys

2014-04-26 08:30 - 2014-04-26 09:07 - 00000000 ____D () C:\Users\Computer\Desktop\RK_Quarantine

2014-04-26 08:28 - 2014-04-26 08:28 - 03972608 _____ () C:\Users\Computer\Desktop\RogueKiller.exe

2014-04-26 05:44 - 2014-04-27 13:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-26 05:42 - 2014-04-26 05:42 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-26 05:42 - 2014-04-26 05:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-26 05:41 - 2014-04-26 05:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-26 05:41 - 2014-04-26 05:41 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-26 05:41 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-26 05:41 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-26 05:41 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-26 05:39 - 2014-04-26 05:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-26 03:47 - 2014-04-26 03:49 - 00036880 _____ () C:\Users\Computer\Desktop\Addition2.txt

2014-04-26 03:46 - 2014-04-27 13:12 - 00009136 _____ () C:\Users\Computer\Desktop\FRST.txt

2014-04-26 03:45 - 2014-04-27 13:11 - 00000000 ____D () C:\FRST

2014-04-26 03:43 - 2014-04-27 13:11 - 01049600 _____ (Farbar) C:\Users\Computer\Desktop\FRST.exe

2014-04-26 03:12 - 2014-04-26 03:12 - 00000000 __SHD () C:\Users\Computer\AppData\Local\EmieUserList

2014-04-26 03:12 - 2014-04-26 03:12 - 00000000 __SHD () C:\Users\Computer\AppData\Local\EmieSiteList

2014-04-26 03:08 - 2014-04-26 03:08 - 00014191 _____ () C:\Users\Computer\Desktop\hijackthis.log

2014-04-26 03:02 - 2014-04-26 03:02 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-04-26 03:02 - 2014-04-26 03:02 - 00000000 ____D () C:\Program Files\Trend Micro

2014-04-26 03:00 - 2014-04-26 03:00 - 01402880 _____ () C:\Users\Computer\Downloads\HiJackThis.msi

2014-04-26 02:22 - 2014-04-26 02:22 - 00001237 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\Users\Computer\AppData\Local\VS Revo Group

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-04-26 02:22 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-04-26 02:21 - 2014-04-26 02:21 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-26 02:14 - 2014-04-26 02:18 - 10619688 _____ (VS Revo Group ) C:\Users\Computer\Downloads\RevoUninProSetup.exe

2014-04-10 08:46 - 2014-04-26 16:25 - 00000003 _____ () C:\Users\Computer\AppData\Local\proxy.log

2014-04-10 07:21 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-10 07:21 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-10 07:20 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-10 07:20 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-10 07:20 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-10 07:20 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-10 07:20 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-10 07:20 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-10 07:20 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-10 07:20 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-10 07:20 - 2014-03-06 00:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-10 07:20 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-10 07:20 - 2014-03-06 00:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-10 07:20 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-10 07:20 - 2014-03-06 00:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-10 07:20 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-10 07:20 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-10 07:20 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-10 07:20 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-10 07:20 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-10 07:19 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-10 07:19 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-10 07:19 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-10 07:19 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-10 07:19 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-10 07:19 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-08 23:38 - 2014-03-04 02:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

 

==================== One Month Modified Files and Folders =======

 

2014-04-27 13:12 - 2014-04-26 03:46 - 00009136 _____ () C:\Users\Computer\Desktop\FRST.txt

2014-04-27 13:12 - 2013-05-14 23:04 - 01962388 _____ () C:\Windows\WindowsUpdate.log

2014-04-27 13:11 - 2014-04-27 13:11 - 00000000 ____D () C:\Users\Computer\Desktop\FRST-OlderVersion

2014-04-27 13:11 - 2014-04-26 03:45 - 00000000 ____D () C:\FRST

2014-04-27 13:11 - 2014-04-26 03:43 - 01049600 _____ (Farbar) C:\Users\Computer\Desktop\FRST.exe

2014-04-27 13:11 - 2014-03-18 17:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-04-27 13:10 - 2014-04-26 05:44 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-27 13:10 - 2013-06-09 12:19 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-27 13:07 - 2014-03-18 17:14 - 00000282 ____H () C:\Windows\Tasks\SpotfluxLite.job

2014-04-27 13:07 - 2013-06-09 12:19 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-27 13:07 - 2013-05-16 08:39 - 00038068 _____ () C:\Windows\setupact.log

2014-04-27 13:07 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-27 01:09 - 2013-05-16 08:05 - 00000000 ____D () C:\ProgramData\Skype

2014-04-27 00:35 - 2013-05-19 21:30 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000UA.job

2014-04-26 22:18 - 2014-04-26 22:18 - 00000238 _____ () C:\Users\Computer\Documents\eset.txt

2014-04-26 21:35 - 2013-05-19 21:30 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89018619-342231679-3100981395-1000Core.job

2014-04-26 19:46 - 2009-07-13 21:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-26 19:46 - 2009-07-13 21:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-26 19:37 - 2013-05-19 01:26 - 00983034 _____ () C:\Windows\PFRO.log

2014-04-26 19:35 - 2014-04-26 19:32 - 00000000 ____D () C:\AdwCleaner

2014-04-26 19:31 - 2014-04-26 19:29 - 01329501 _____ () C:\Users\Computer\Desktop\AdwCleaner.exe

2014-04-26 18:33 - 2013-05-17 23:10 - 00000000 ____D () C:\Program Files\Yahoo!

2014-04-26 18:30 - 2013-05-17 23:10 - 00000000 ____D () C:\ProgramData\Yahoo!

2014-04-26 18:06 - 2014-01-15 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

2014-04-26 17:55 - 2013-05-23 14:24 - 00000000 ____D () C:\ProgramData\Norton

2014-04-26 17:51 - 2014-04-26 17:51 - 00000000 ____D () C:\Windows\pss

2014-04-26 17:41 - 2013-05-16 08:06 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Skype

2014-04-26 17:04 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache

2014-04-26 16:26 - 2014-01-17 04:03 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\ViberPC

2014-04-26 16:26 - 2014-01-17 03:53 - 00000000 ____D () C:\Users\Computer\AppData\Local\Viber

2014-04-26 16:25 - 2014-04-10 08:46 - 00000003 _____ () C:\Users\Computer\AppData\Local\proxy.log

2014-04-26 12:48 - 2013-05-15 21:09 - 00000000 ____D () C:\Program Files\Camfrog

2014-04-26 12:39 - 2014-04-26 12:38 - 00000266 _____ () C:\DelFix.txt

2014-04-26 12:38 - 2014-04-26 12:38 - 00000000 ____D () C:\Windows\ERUNT

2014-04-26 12:37 - 2014-04-26 12:36 - 00707006 _____ () C:\Users\Computer\Desktop\delfix.exe

2014-04-26 12:28 - 2013-05-23 14:25 - 00000000 ____D () C:\Program Files\PasswordBox

2014-04-26 09:30 - 2014-04-26 09:30 - 00030404 _____ () C:\Users\Computer\Desktop\RKreport[0]_S_04262014_093020.txt

2014-04-26 09:10 - 2014-04-26 08:34 - 00026624 _____ () C:\Windows\system32\TrueSight.sys

2014-04-26 09:07 - 2014-04-26 08:30 - 00000000 ____D () C:\Users\Computer\Desktop\RK_Quarantine

2014-04-26 08:50 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\schemas

2014-04-26 08:46 - 2014-04-26 08:46 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps

2014-04-26 08:45 - 2014-01-15 05:57 - 00000000 ____D () C:\ProgramData\Systweak

2014-04-26 08:45 - 2014-01-15 05:49 - 00000000 ____D () C:\ProgramData\Conduit

2014-04-26 08:45 - 2013-06-09 15:19 - 00000000 ____D () C:\Program Files\SafeMonitor

2014-04-26 08:44 - 2014-04-26 08:44 - 00024318 _____ () C:\Users\Computer\Desktop\RKreport[0]_S_04262014_084432.txt

2014-04-26 08:43 - 2013-08-01 19:28 - 00000000 ____D () C:\ProgramData\Wincert

2014-04-26 08:28 - 2014-04-26 08:28 - 03972608 _____ () C:\Users\Computer\Desktop\RogueKiller.exe

2014-04-26 05:42 - 2014-04-26 05:42 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-26 05:42 - 2014-04-26 05:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-26 05:42 - 2014-04-26 05:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-26 05:41 - 2014-04-26 05:41 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-26 05:40 - 2014-04-26 05:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-26 03:49 - 2014-04-26 03:47 - 00036880 _____ () C:\Users\Computer\Desktop\Addition2.txt

2014-04-26 03:23 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-26 03:12 - 2014-04-26 03:12 - 00000000 __SHD () C:\Users\Computer\AppData\Local\EmieUserList

2014-04-26 03:12 - 2014-04-26 03:12 - 00000000 __SHD () C:\Users\Computer\AppData\Local\EmieSiteList

2014-04-26 03:08 - 2014-04-26 03:08 - 00014191 _____ () C:\Users\Computer\Desktop\hijackthis.log

2014-04-26 03:02 - 2014-04-26 03:02 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-04-26 03:02 - 2014-04-26 03:02 - 00000000 ____D () C:\Program Files\Trend Micro

2014-04-26 03:00 - 2014-04-26 03:00 - 01402880 _____ () C:\Users\Computer\Downloads\HiJackThis.msi

2014-04-26 02:46 - 2013-05-15 21:09 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Camfrog

2014-04-26 02:22 - 2014-04-26 02:22 - 00001237 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\Users\Computer\AppData\Local\VS Revo Group

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-04-26 02:22 - 2014-04-26 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-04-26 02:21 - 2014-04-26 02:21 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-26 02:18 - 2014-04-26 02:14 - 10619688 _____ (VS Revo Group ) C:\Users\Computer\Downloads\RevoUninProSetup.exe

2014-04-26 02:17 - 2013-06-09 12:25 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-26 01:42 - 2014-03-18 17:14 - 00000360 ____H () C:\Windows\Tasks\spotfluxupdater.job

2014-04-09 03:41 - 2013-05-15 18:41 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-06 03:42 - 2013-05-15 23:04 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-04-06 03:42 - 2013-05-15 23:04 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-04-06 03:41 - 2013-05-15 23:04 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-03 09:51 - 2014-04-26 05:41 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-26 05:41 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-26 05:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

Some content of TEMP:

====================

C:\Users\Computer\AppData\Local\Temp\58AF_camfrog.exe

C:\Users\Computer\AppData\Local\Temp\8081.exe

C:\Users\Computer\AppData\Local\Temp\airE729.exe

C:\Users\Computer\AppData\Local\Temp\APNSetup.exe

C:\Users\Computer\AppData\Local\Temp\BackupSetup.exe

C:\Users\Computer\AppData\Local\Temp\BundleSweetIMSetup.exe

C:\Users\Computer\AppData\Local\Temp\Delta.exe

C:\Users\Computer\AppData\Local\Temp\DeltaTB.exe

C:\Users\Computer\AppData\Local\Temp\dotNetFx40_Client_setup.exe

C:\Users\Computer\AppData\Local\Temp\MybabylonTB.exe

C:\Users\Computer\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Computer\AppData\Local\Temp\PaltalkTemp2.exe

C:\Users\Computer\AppData\Local\Temp\propsys.dll

C:\Users\Computer\AppData\Local\Temp\Quarantine.exe

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite19635.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite44278.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite70473.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite79426.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite87265.dll

C:\Users\Computer\AppData\Local\Temp\uninst1.exe

C:\Users\Computer\AppData\Local\Temp\vcredist_x86.exe

C:\Users\Computer\AppData\Local\Temp\WSSetup.exe

C:\Users\Computer\AppData\Local\Temp\{DBA08291-DD5D-4075-8362-3C9D347C7CED}-30.0.1599.101_29.0.1547.76_chrome_updater.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-26 10:02

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Last:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Reboot and let me know how it is, MrC

Saw your reply before work and ran the Adw at lunch time.  By the time I got home I forgot JRT wouldn't run, was looking all over the place for the log! :wacko: 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014

Ran by Computer at 2014-04-28 05:15:47 Run:1

Running from C:\Users\Computer\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

URLSearchHook: HKLM - (No Name) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} -  No File

URLSearchHook: HKLM - (No Name) - {73507124-6acd-43aa-b749-c3bcfefbea97} -  No File

URLSearchHook: HKCU - (No Name) - {e8beb6bf-6824-492f-8ea4-6da0b026e9a8} - C:\Program Files\YourVideoChat_86\bar\1.bin\86SrcAs.dll No File

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = http://dts.search.as...pn_ptnrs=AGA&q={searchTerms}

BHO: No Name - {73507124-6acd-43aa-b749-c3bcfefbea97} -  No File

BHO: No Name - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} -  No File

Toolbar: HKCU - No Name - {434D472D-5636-006A-76A7-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File

Toolbar: HKCU - No Name - {504C5456-352D-5341-5400-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {73507124-6ACD-43AA-B749-C3BCFEFBEA97} -  No File

Hosts: 54.221.22.25 ojbalidmphhoopheigckkcpldegcohhe

FF Plugin: @microsoft.com/GENUINE - disabled No File

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\YourVideoChat_86\bar\1.bin\NP86Stub.dll No File

CHR Extension: (Movies Toolbar) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaifmhgonleehnkppkhhchcbhhigac [2014-04-26]

CHR Extension: (Allin1Convert) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epikbiglahnndfidencpcjhnefnmooeg [2014-03-18]

CHR HKLM\...\Chrome\Extension: [aaaaifmhgonleehnkppkhhchcbhhigac] - C:\Users\Computer\AppData\Local\koyotesoftmoviestoolbar\GC\toolbar.crx [2013-06-25]

CHR HKCU\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Computer\AppData\Local\Temp\CT3307181.crx [2013-06-25]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S1 dtewsphb; \??\C:\Windows\system32\drivers\dtewsphb.sys [X]

2014-04-26 08:45 - 2014-01-15 05:49 - 00000000 ____D () C:\ProgramData\Conduit

C:\Users\Computer\AppData\Local\Temp\58AF_camfrog.exe

C:\Users\Computer\AppData\Local\Temp\8081.exe

C:\Users\Computer\AppData\Local\Temp\airE729.exe

C:\Users\Computer\AppData\Local\Temp\APNSetup.exe

C:\Users\Computer\AppData\Local\Temp\BackupSetup.exe

C:\Users\Computer\AppData\Local\Temp\BundleSweetIMSetup.exe

C:\Users\Computer\AppData\Local\Temp\Delta.exe

C:\Users\Computer\AppData\Local\Temp\DeltaTB.exe

C:\Users\Computer\AppData\Local\Temp\dotNetFx40_Client_setup.exe

C:\Users\Computer\AppData\Local\Temp\MybabylonTB.exe

C:\Users\Computer\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Computer\AppData\Local\Temp\PaltalkTemp2.exe

C:\Users\Computer\AppData\Local\Temp\propsys.dll

C:\Users\Computer\AppData\Local\Temp\Quarantine.exe

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite19635.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite44278.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite70473.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite79426.dll

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite87265.dll

C:\Users\Computer\AppData\Local\Temp\uninst1.exe

C:\Users\Computer\AppData\Local\Temp\vcredist_x86.exe

C:\Users\Computer\AppData\Local\Temp\WSSetup.exe

C:\Users\Computer\AppData\Local\Temp\{DBA08291-DD5D-4075-8362-3C9D347C7CED}-30.0.1599.101_29.0.1547.76_chrome_updater.exe

Task: {381AB716-4740-4DD2-A518-A2FCB6BE30A0} - System32\Tasks\Updater26278.exe => C:\Users\Computer\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION

Task: {69C2D8B4-1400-43A9-8473-8B0C765FBB88} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION

Task: {8F261243-C978-462B-8FB1-DDDCF8DA3FAF} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION

 

 

*****************

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Value deleted successfully.

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{73507124-6acd-43aa-b749-c3bcfefbea97} => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e8beb6bf-6824-492f-8ea4-6da0b026e9a8} => Value deleted successfully.

HKCR\CLSID\{e8beb6bf-6824-492f-8ea4-6da0b026e9a8} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully.

HKCR\CLSID\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key deleted successfully.

HKCR\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{434D472D-5636-006A-76A7-7A786E7484D7} => Value deleted successfully.

HKCR\CLSID\{434D472D-5636-006A-76A7-7A786E7484D7} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => Value deleted successfully.

HKCR\CLSID\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{504C5456-352D-5341-5400-7A786E7484D7} => Value deleted successfully.

HKCR\CLSID\{504C5456-352D-5341-5400-7A786E7484D7} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{73507124-6ACD-43AA-B749-C3BCFEFBEA97} => Value deleted successfully.

HKCR\CLSID\{73507124-6ACD-43AA-B749-C3BCFEFBEA97} => Key not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.

FF Plugin: @microsoft.com/GENUINE - disabled No File not found.

C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.

C:\Program Files\YourVideoChat_86\bar\1.bin\NP86Stub.dll not found.

C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaifmhgonleehnkppkhhchcbhhigac => Moved successfully.

C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\epikbiglahnndfidencpcjhnefnmooeg => Moved successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaifmhgonleehnkppkhhchcbhhigac => Key deleted successfully.

C:\Users\Computer\AppData\Local\koyotesoftmoviestoolbar\GC\toolbar.crx => Moved successfully.

HKCU\SOFTWARE\Google\Chrome\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal => Key deleted successfully.

"C:\Users\Computer\AppData\Local\Temp\CT3307181.crx" => File/Directory not found.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

dtewsphb => Service deleted successfully.

C:\ProgramData\Conduit => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\58AF_camfrog.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\8081.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\airE729.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\APNSetup.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\BackupSetup.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\Delta.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\DeltaTB.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\dotNetFx40_Client_setup.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\PaltalkTemp2.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\propsys.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite19635.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite44278.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite70473.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite79426.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\System.Data.SQLite87265.dll => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\uninst1.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\WSSetup.exe => Moved successfully.

C:\Users\Computer\AppData\Local\Temp\{DBA08291-DD5D-4075-8362-3C9D347C7CED}-30.0.1599.101_29.0.1547.76_chrome_updater.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{381AB716-4740-4DD2-A518-A2FCB6BE30A0} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{381AB716-4740-4DD2-A518-A2FCB6BE30A0} => Key deleted successfully.

C:\Windows\System32\Tasks\Updater26278.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69C2D8B4-1400-43A9-8473-8B0C765FBB88} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69C2D8B4-1400-43A9-8473-8B0C765FBB88} => Key deleted successfully.

C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F261243-C978-462B-8FB1-DDDCF8DA3FAF} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F261243-C978-462B-8FB1-DDDCF8DA3FAF} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => Key deleted successfully.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

 

ADW

 

# AdwCleaner v3.205 - Report created 28/04/2014 at 12:59:56

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Computer - COMPUTER-PC

# Running from : C:\Users\Computer\Desktop\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [773 octets] - [28/04/2014 12:58:26]

AdwCleaner[s0].txt - [695 octets] - [28/04/2014 12:59:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [754 octets] ##########

 

 

 

Computer seems to be doing okay.  It's pretty slow, but I figure it's from poor (or no) maintenance over time.  Gonna run Tweaking's Windows Repair after all else is done.  Pop-ups and browser redirects are gone, don't notice anything else unusual.  :)
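As an added example (not part of the original posts and not FRST's own code), this Python parses the result half of a Fixlog like the one posted above and lists the entries worth a second look. The function names, status labels and categories are this example's own assumptions, and the sample is constructed from lines in that log.

```python
import re

# Constructed sample: a shortened Fixlog assembled from lines in the log posted above.
SAMPLE = r"""Content of fixlist:
*****************
IFEO\bpsvc.exe: [Debugger] tasklist.exe
*****************
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKCR\CLSID\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Program Files\YourVideoChat_86\bar\1.bin\NP86Stub.dll not found.
"C:\Users\Computer\AppData\Local\Temp\CT3307181.crx" => File/Directory not found.
dtewsphb => Service deleted successfully.
C:\Windows\System32\Tasks\Updater26278.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
==== End of Fixlog ====
"""

# Status labels and categories are this example's own naming (assumptions), not FRST terms.
STATUSES = [("not found", "absent"), ("deleted successfully", "removed"),
            ("moved successfully", "quarantined"), ("restored successfully", "restored"),
            ("reset successfully", "restored")]
CATEGORIES = [("image file execution options", "ifeo"), ("taskcache", "scheduled_task"),
              ("\\system32\\tasks\\", "scheduled_task"), ("\\etc\\hosts", "hosts"),
              ("hosts was reset", "hosts"), ("service deleted", "service"),
              ("internet explorer", "ie_addon"), ("browser helper objects", "ie_addon"),
              ("chrome", "chrome"), ("policies\\google", "chrome")]
# Result lines that carry no "=>", e.g. "Hosts was reset successfully."
BARE = re.compile(r"^(?P<target>.+?) (?P<outcome>was reset successfully|not found)\.$")

def classify(outcome):
    return next((s for needle, s in STATUSES if needle in outcome.lower()), "unknown")

def categorize(line):
    low = line.lower().lstrip('"')
    fallback = "registry" if low.startswith("hk") else "file"
    return next((c for needle, c in CATEGORIES if needle in low), fallback)

def parse_fixlog(text):
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks; results follow the second row.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    entries = []
    for ln in (lines[stars[1] + 1:] if len(stars) >= 2 else lines):
        if "End of Fixlog" in ln:
            break
        target, arrow, outcome = ln.rpartition(" => ")
        if not arrow:
            m = BARE.match(ln)
            if not m:
                continue  # blank lines and notes such as the reboot notice
            target, outcome = m["target"], m["outcome"]
        entries.append({"target": target.strip('"'), "status": classify(outcome),
                        "category": categorize(ln)})
    return entries

def needs_review(entries):
    return [e for e in entries if e["status"] in ("absent", "unknown")]
```

Entries reported as "absent" were named in the fixlist but were already gone when the fix ran; "unknown" marks result text the parser does not recognise and should be read by hand.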

OK, I'd be very careful with running Windows Repair.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

I'll be sure to back it up to my external HD before running repair.

 

 

Results of screen317's Security Check version 0.99.82  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````[/ ] 

 Google Chrome 26.0.1410.43  

 Google Chrome 26.0.1410.64  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

That looks OK......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.