Help, can't open or run MBAM!


When I click to open MBAM I get a pop up saying that the program is blocked by group policy and to contact my system administrator. I am logged on as administrator.

 

I can open and run MBAM in safe mode, which I have done, and it highlighted threats which I then removed. After restarting my computer into normal mode I then got the same pop up. As instructed, I downloaded Farbar Recovery Scan Tool and saved the FRST and Addition.

I also can't open Microsoft Security Essentials and it won't let me check for Windows updates.


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you post the two logs from FRST...

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014
Ran by default user (administrator) on DEFAULTUSER-PC on 14-05-2014 16:16:06
Running from C:\Users\default user.defaultuser-PC\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SAC) C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [sacReminder] => C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe [825152 2009-06-26] (SAC)
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [ievVvnyv] => C:\Users\default user.defaultuser-PC\AppData\Local\axejlnpi\ievvvnyv.exe
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [kqvctvy] => regsvr32.exe "C:\ProgramData\kqvctvy.dat"
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\MountPoints2: {aec594d5-e025-11df-8c99-001dba8b7bb9} - G:\StartClickFreeBackup.exe
Startup: C:\Users\default user.defaultuser-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=A695001FE1D73E52
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=A695001FE1D73E52
CHR StartupUrls: "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=A695001FE1D73E52"
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 cdsfufau; \??\C:\Windows\system32\drivers\cdsfufau.sys [X]
S1 deeofnki; \??\C:\Windows\system32\drivers\deeofnki.sys [X]
S1 deguyuey; \??\C:\Windows\system32\drivers\deguyuey.sys [X]
S1 dotrahhe; \??\C:\Windows\system32\drivers\dotrahhe.sys [X]
S1 hlieqbaq; \??\C:\Windows\system32\drivers\hlieqbaq.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsl4f1a8eb6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB8CC1A9-411B-4CA8-8059-AD4384EDC61F}\MpKsl4f1a8eb6.sys [X]
U4 MpsSvc;
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nwzfcqek; \??\C:\Windows\system32\drivers\nwzfcqek.sys [X]
S1 onglhlkl; \??\C:\Windows\system32\drivers\onglhlkl.sys [X]
S1 oqcuurbg; \??\C:\Windows\system32\drivers\oqcuurbg.sys [X]
S1 pgsosvzi; \??\C:\Windows\system32\drivers\pgsosvzi.sys [X]
S1 rtrkxkzx; \??\C:\Windows\system32\drivers\rtrkxkzx.sys [X]
S1 sebfinry; \??\C:\Windows\system32\drivers\sebfinry.sys [X]
S1 tbpptcft; \??\C:\Windows\system32\drivers\tbpptcft.sys [X]
S1 tvkwfjfo; \??\C:\Windows\system32\drivers\tvkwfjfo.sys [X]
U4 wscsvc;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-14 16:16 - 2014-05-14 16:16 - 00011672 _____ () C:\Users\default user.defaultuser-PC\Downloads\FRST.txt
2014-05-14 16:15 - 2014-05-14 16:16 - 00000000 ____D () C:\FRST
2014-05-14 16:14 - 2014-05-14 16:15 - 01056256 _____ (Farbar) C:\Users\default user.defaultuser-PC\Downloads\FRST.exe
2014-05-14 15:44 - 2014-05-14 15:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\default user.defaultuser-PC\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-14 15:38 - 2014-05-14 15:38 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-14 15:38 - 2014-05-14 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-14 15:29 - 2014-05-14 15:29 - 00921512 _____ (Oracle Corporation) C:\Users\default user.defaultuser-PC\Downloads\JavaSetup7u55.exe

==================== One Month Modified Files and Folders =======

2014-05-14 16:16 - 2014-05-14 16:16 - 00011672 _____ () C:\Users\default user.defaultuser-PC\Downloads\FRST.txt
2014-05-14 16:16 - 2014-05-14 16:15 - 00000000 ____D () C:\FRST
2014-05-14 16:15 - 2014-05-14 16:14 - 01056256 _____ (Farbar) C:\Users\default user.defaultuser-PC\Downloads\FRST.exe
2014-05-14 15:46 - 2014-05-14 15:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\default user.defaultuser-PC\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-14 15:39 - 2014-05-14 15:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-14 15:38 - 2014-05-14 15:38 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-14 15:38 - 2014-05-14 15:38 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-14 15:38 - 2014-05-14 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-14 15:38 - 2010-10-07 08:54 - 00000000 ____D () C:\Program Files\Java
2014-05-14 15:35 - 2013-12-05 21:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef1f75678d290.job
2014-05-14 15:35 - 2010-10-08 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 15:29 - 2014-05-14 15:29 - 00921512 _____ (Oracle Corporation) C:\Users\default user.defaultuser-PC\Downloads\JavaSetup7u55.exe
2014-05-14 15:28 - 2010-10-08 18:44 - 00000000 ____D () C:\Users\default user.defaultuser-PC\AppData\Roaming\Skype
2014-05-14 15:24 - 2008-01-21 02:35 - 01419523 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 15:20 - 2006-11-02 11:33 - 00712976 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-14 15:14 - 2008-01-21 03:47 - 00055508 _____ () C:\Windows\PFRO.log
2014-05-14 15:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 15:14 - 2006-11-02 13:47 - 00004320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 15:14 - 2006-11-02 13:47 - 00004320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 15:14 - 2006-11-02 12:18 - 00000000 __RSD () C:\Windows\Media
2014-05-14 12:56 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 11:48 - 2013-03-14 23:39 - 00000000 ____D () C:\Users\default user.defaultuser-PC\AppData\Roaming\vlc
2014-05-14 10:06 - 2013-03-06 21:28 - 00000080 _____ () C:\Users\default user.defaultuser-PC\AppData\Roaming\mbam.context.scan
2014-05-14 09:51 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Speech
2014-05-14 07:49 - 2010-10-08 18:31 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-13 15:29 - 2010-10-18 12:30 - 00000000 ____D () C:\Users\default user.defaultuser-PC\AppData\Local\Apple Computer
2014-05-13 15:28 - 2010-10-18 12:30 - 00000000 ____D () C:\Users\default user.defaultuser-PC\AppData\Roaming\Apple Computer

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3031539273-905668608-2619150209-1000\$76f165ab19fa1a0e9f9e7fe0fe7516dc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$76f165ab19fa1a0e9f9e7fe0fe7516dc

Files to move or delete:
====================
C:\ProgramData\Puj3v4Rt.dat
C:\Users\default user.defaultuser-PC\xobglu16.dll
C:\Users\default user.defaultuser-PC\xobglu32.dll

Some content of TEMP:
====================
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\contentDATs.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\MSN277D.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\ose00000.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-14 15:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2014
Ran by default user at 2014-05-14 16:16:35
Running from C:\Users\default user.defaultuser-PC\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.4.13090 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
EasyBits GO (HKCU\...\Game Organizer) (Version:  - EasyBits Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6DA93E66-5FA8-44ED-9CCA-40773444C10D}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{E1497C00-2605-433E-822E-3E82649CE056}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
OpenOffice.org 3.2 (HKLM\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

13-03-2014 22:43:53 Scheduled Checkpoint
15-03-2014 19:32:56 Scheduled Checkpoint
16-03-2014 18:05:38 Scheduled Checkpoint
17-03-2014 18:29:33 Scheduled Checkpoint
18-03-2014 18:06:17 Scheduled Checkpoint
19-03-2014 19:29:44 Scheduled Checkpoint
20-03-2014 19:06:19 Scheduled Checkpoint
25-03-2014 20:07:55 Scheduled Checkpoint
27-03-2014 18:25:46 Scheduled Checkpoint
13-05-2014 16:39:46 Scheduled Checkpoint
14-05-2014 06:22:29 Scheduled Checkpoint
14-05-2014 09:03:30 Removed Bonjour
14-05-2014 14:30:31 Removed Java 7 Update 17
14-05-2014 14:37:49 Installed Java 7 Update 55

==================== Hosts content: ==========================

2006-11-02 11:23 - 2011-02-14 12:46 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10A3BE7F-03F1-42DE-987F-3DC6F77A691E} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {16CC3A92-8371-428C-854F-39FA48B5C685} - System32\Tasks\GoogleUpdateTaskMachineCore1cef1f75678d290 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3832DFA7-10A0-4D1F-87EB-B7D2B3692175} - System32\Tasks\{49ACC0DF-CDD1-4D4D-B10D-8038E74A0148} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4C3574B0-6420-4843-8B7B-7F18A3E20F14} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {884FC2FF-6518-4171-A5EF-0E9FDF0F4AEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B0F491FD-9BEA-4830-A371-005B03E2B40B} - System32\Tasks\5042 => Wscript.exe C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DE0BAD73-9F3C-4352-B93F-9E5A31A0E6F6} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E243D17A-F679-4AFE-84A3-C3857EB44839} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FE1D5F37-08AB-43BE-9369-B5EC129F888A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08] (Google Inc.)
Task: {FE98A759-8852-4FDE-8126-710EC26441A3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef1f75678d290.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 03:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 00:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 00:57:47 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/14/2014 00:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 00:52:47 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/14/2014 00:49:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 00:10:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 00:09:46 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/14/2014 00:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 11:53:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-14 14:31:13.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:13.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:12.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:12.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:12.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:12.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:11.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:11.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:11.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 14:31:10.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2938.31 MB
Available physical RAM: 1462.06 MB
Total Pagefile: 6114.95 MB
Available Pagefile: 4855.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:96.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 0505D33D)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run Malwarebytes. Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Quick scan

 

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

fixlist.txt


See if you can make the file yourself......

 

Open Notepad. Please copy the contents of the Code box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop or the folder that you saved FRST to, and be sure to name it fixlist.txt

Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [kqvctvy] => regsvr32.exe "C:\ProgramData\kqvctvy.dat"
C:\ProgramData\kqvctvy.dat
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\MountPoints2: {aec594d5-e025-11df-8c99-001dba8b7bb9} - G:\StartClickFreeBackup.exe
S1 cdsfufau; \??\C:\Windows\system32\drivers\cdsfufau.sys [X]
S1 deeofnki; \??\C:\Windows\system32\drivers\deeofnki.sys [X]
S1 deguyuey; \??\C:\Windows\system32\drivers\deguyuey.sys [X]
S1 dotrahhe; \??\C:\Windows\system32\drivers\dotrahhe.sys [X]
S1 hlieqbaq; \??\C:\Windows\system32\drivers\hlieqbaq.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 MpsSvc;
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nwzfcqek; \??\C:\Windows\system32\drivers\nwzfcqek.sys [X]
S1 onglhlkl; \??\C:\Windows\system32\drivers\onglhlkl.sys [X]
S1 oqcuurbg; \??\C:\Windows\system32\drivers\oqcuurbg.sys [X]
S1 pgsosvzi; \??\C:\Windows\system32\drivers\pgsosvzi.sys [X]
S1 rtrkxkzx; \??\C:\Windows\system32\drivers\rtrkxkzx.sys [X]
S1 sebfinry; \??\C:\Windows\system32\drivers\sebfinry.sys [X]
S1 tbpptcft; \??\C:\Windows\system32\drivers\tbpptcft.sys [X]
S1 tvkwfjfo; \??\C:\Windows\system32\drivers\tvkwfjfo.sys [X]
U4 wscsvc;
C:\$Recycle.Bin\S-1-5-21-3031539273-905668608-2619150209-1000\$76f165ab19fa1a0e9f9e7fe0fe7516dc
C:\$Recycle.Bin\S-1-5-18\$76f165ab19fa1a0e9f9e7fe0fe7516dc
C:\ProgramData\Puj3v4Rt.dat
C:\Users\default user.defaultuser-PC\xobglu16.dll
C:\Users\default user.defaultuser-PC\xobglu32.dll
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\contentDATs.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\MSN277D.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\ose00000.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\uninst1.exe
Task: {B0F491FD-9BEA-4830-A371-005B03E2B40B} - System32\Tasks\5042 => Wscript.exe C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DE0BAD73-9F3C-4352-B93F-9E5A31A0E6F6} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
End

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Here are the logs..

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:14-05-2014
Ran by default user at 2014-05-15 17:14:26 Run:1
Running from C:\Users\default user.defaultuser-PC\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\Run: [kqvctvy] => regsvr32.exe "C:\ProgramData\kqvctvy.dat"
C:\ProgramData\kqvctvy.dat
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\...\MountPoints2: {aec594d5-e025-11df-8c99-001dba8b7bb9} - G:\StartClickFreeBackup.exe
S1 cdsfufau; \??\C:\Windows\system32\drivers\cdsfufau.sys [X]
S1 deeofnki; \??\C:\Windows\system32\drivers\deeofnki.sys [X]
S1 deguyuey; \??\C:\Windows\system32\drivers\deguyuey.sys [X]
S1 dotrahhe; \??\C:\Windows\system32\drivers\dotrahhe.sys [X]
S1 hlieqbaq; \??\C:\Windows\system32\drivers\hlieqbaq.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 MpsSvc;
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nwzfcqek; \??\C:\Windows\system32\drivers\nwzfcqek.sys [X]
S1 onglhlkl; \??\C:\Windows\system32\drivers\onglhlkl.sys [X]
S1 oqcuurbg; \??\C:\Windows\system32\drivers\oqcuurbg.sys [X]
S1 pgsosvzi; \??\C:\Windows\system32\drivers\pgsosvzi.sys [X]
S1 rtrkxkzx; \??\C:\Windows\system32\drivers\rtrkxkzx.sys [X]
S1 sebfinry; \??\C:\Windows\system32\drivers\sebfinry.sys [X]
S1 tbpptcft; \??\C:\Windows\system32\drivers\tbpptcft.sys [X]
S1 tvkwfjfo; \??\C:\Windows\system32\drivers\tvkwfjfo.sys [X]
U4 wscsvc;
C:\$Recycle.Bin\S-1-5-21-3031539273-905668608-2619150209-1000\$76f165ab19fa1a0e9f9e7fe0fe7516dc
C:\$Recycle.Bin\S-1-5-18\$76f165ab19fa1a0e9f9e7fe0fe7516dc
C:\ProgramData\Puj3v4Rt.dat
C:\Users\default user.defaultuser-PC\xobglu16.dll
C:\Users\default user.defaultuser-PC\xobglu32.dll
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\contentDATs.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\MSN277D.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\ose00000.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\uninst1.exe
Task: {B0F491FD-9BEA-4830-A371-005B03E2B40B} - System32\Tasks\5042 => Wscript.exe C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DE0BAD73-9F3C-4352-B93F-9E5A31A0E6F6} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
End

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\Software\Microsoft\Windows\CurrentVersion\Run\\kqvctvy => Value deleted successfully.
"C:\ProgramData\kqvctvy.dat" => File/Directory not found.
HKU\S-1-5-21-3031539273-905668608-2619150209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aec594d5-e025-11df-8c99-001dba8b7bb9} => Key deleted successfully.
HKCR\CLSID\{aec594d5-e025-11df-8c99-001dba8b7bb9} => Key not found.
cdsfufau => Service deleted successfully.
deeofnki => Service deleted successfully.
deguyuey => Service deleted successfully.
dotrahhe => Service deleted successfully.
hlieqbaq => Service deleted successfully.
IpInIp => Service deleted successfully.
MpsSvc => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
nwzfcqek => Service deleted successfully.
onglhlkl => Service deleted successfully.
oqcuurbg => Service deleted successfully.
pgsosvzi => Service deleted successfully.
rtrkxkzx => Service deleted successfully.
sebfinry => Service deleted successfully.
tbpptcft => Service deleted successfully.
tvkwfjfo => Service deleted successfully.
wscsvc => Service deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3031539273-905668608-2619150209-1000\$76f165ab19fa1a0e9f9e7fe0fe7516dc => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$76f165ab19fa1a0e9f9e7fe0fe7516dc => Deleted successfully.
C:\ProgramData\Puj3v4Rt.dat => Moved successfully.
C:\Users\default user.defaultuser-PC\xobglu16.dll => Moved successfully.
C:\Users\default user.defaultuser-PC\xobglu32.dll => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\GoogleChromeInstaller.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\MSN277D.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.
C:\Users\default user.defaultuser-PC\AppData\Local\Temp\uninst1.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0F491FD-9BEA-4830-A371-005B03E2B40B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F491FD-9BEA-4830-A371-005B03E2B40B} => Key deleted successfully.
C:\Windows\System32\Tasks\5042 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5042 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE0BAD73-9F3C-4352-B93F-9E5A31A0E6F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0BAD73-9F3C-4352-B93F-9E5A31A0E6F6} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
default user :: DEFAULTUSER-PC [administrator]

15/05/2014 17:17:12
mbam-log-2014-05-15 (17-17-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 55411
Time elapsed: 22 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v3.208 - Report created 15/05/2014 at 17:46:12

# Updated 11/05/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : default user - DEFAULTUSER-PC

# Running from : C:\Users\default user.defaultuser-PC\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKCU\Software\a0d7dcb26dbf49

Key Deleted : HKLM\SOFTWARE\a0d7dcb26dbf49

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QueryExplorer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16533

 

 

-\\ Google Chrome v34.0.1847.137

 

*************************

 

AdwCleaner[R0].txt - [3598 octets] - [15/05/2014 17:44:00]

AdwCleaner[s0].txt - [3593 octets] - [15/05/2014 17:46:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3653 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by default user on 15/05/2014 at 17:56:13.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\default user.defaultuser-PC\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\default user.defaultuser-PC\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\default user.defaultuser-PC\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\default user.defaultuser-PC\appdata\locallow\shopperreports3"
Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2014 at 17:59:15.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


What is the current status of your system, any remaining issues or concerns?

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Select "Change" next to Current scan targets. A new window will open; select any extra drives, Flash drives etc. as required.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

 

If threats were found

 


Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Close program

 

Copy and paste the report in next reply.

 

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.