
Infected laptop, please help



I have run Kaspersky, Malwarebytes, HijackThis and Farbar. I will paste and attach the Malwarebytes log but just attach the others, as pasting them leads to a crash. Let me know if you would like me to paste any of the other reports. I received runtime errors any time I attempted to save Malwarebytes' txt log, so I am copying and pasting from the XML file. Thanks so much in advance!

 


Attachments: Addition.txt, FRST.txt, hijackthis.log, Kaspersky062814.txt, mbam-log-2014-06-28 (18-23-26).xml


  • Root Admin

Hello and welcome!

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 

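One way to script the two safeguards the post above asks for, a registry backup before any fix and then a look at what auto-starts, is the PowerShell below; it is an added example, not the thread's own code or that of ERUNT, RKill or RogueKiller, and it flags autoruns with the same idea RogueKiller's "suspicious.Path" tag expresses (a startup entry whose binary lives under a user-writable profile folder). It assumes an elevated PowerShell session on Windows 7 or later, a constructed backup folder C:\RegBackup, and the hypothetical helper name Get-ImagePath.

```powershell
# Added example (not from the thread or any tool it mentions). Run from an
# elevated ("Run as administrator") PowerShell. $BackupRoot is a constructed path.
$BackupRoot = "C:\RegBackup"

$stamp  = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
$target = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

# 1. Export the hives that removal fixes usually touch. reg.exe writes a text
#    .reg file that "reg import" can restore; this is a plain alternative to an
#    ERUNT hive backup, not ERUNT itself. HKCU here is the elevated user's hive.
$hives = @{
    "HKLM_SOFTWARE" = "HKLM\SOFTWARE"
    "HKLM_SYSTEM"   = "HKLM\SYSTEM"
    "HKCU"          = "HKCU"
}
foreach ($name in $hives.Keys) {
    $file = Join-Path $target "$name.reg"
    & reg.exe export $hives[$name] $file /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        Write-Warning "Export of $($hives[$name]) failed; stop here and do not apply fixes."
    } else {
        Write-Host "Backed up $($hives[$name]) -> $file"
    }
}

# 2. Enumerate Run/RunOnce autoruns in both registry views and in every loaded
#    user hive (HKU is not a default PowerShell drive, so map it first).
$autorunKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"
)
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$userHives = Get-ChildItem HKU:\ |
    Where-Object { $_.PSChildName -like "S-1-5-21-*" -and $_.PSChildName -notlike "*_Classes" }
foreach ($sid in $userHives) {
    $autorunKeys += "HKU:\$($sid.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    $autorunKeys += "HKU:\$($sid.PSChildName)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}

# Locations a normally installed application should not auto-start from.
# This is a heuristic that deserves a second look, not a verdict.
$suspiciousPattern = '(?i)\\AppData\\Local\\|\\AppData\\Roaming\\|\\Temp\\|\\ProgramData\\'

function Get-ImagePath([string]$command) {
    # Hypothetical helper: pull the real image out of a Run value. For a
    # rundll32 launch that is the DLL being loaded, not rundll32.exe itself.
    $cmd = $command.Trim()
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2] }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$findings = @()
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like "PS*") { continue }      # provider metadata, not a value
        $image = Get-ImagePath ([string]$p.Value)
        if ($image -match $suspiciousPattern) {
            $findings += [pscustomobject]@{
                Key    = $key
                Name   = $p.Name
                Image  = $image
                Exists = Test-Path $image           # $false: orphaned entry
            }
        }
    }
}

# 3. Resolver addresses set in the TCP/IP stack. Anything here that is not your
#    router's or ISP's resolver is the kind of change RogueKiller reports as PUM.Dns.
$tcpip = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
"NameServer (system-wide): '$($tcpip.NameServer)'"
Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" |
    ForEach-Object {
        $ns = (Get-ItemProperty $_.PSPath).NameServer
        if ($ns) { "NameServer ($($_.PSChildName)): '$ns'" }
    }

"`nAutoruns starting from user-writable locations: $($findings.Count)"
$findings | Format-Table -AutoSize
```

Nothing here deletes or changes a value; it only records the state so the flagged entries can be compared against a helper's instructions and the backup restored with `reg import` if a later fix misbehaves.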

Thanks so much for your help!

Here is the MBAM report:

 


 

 

And here is the RogueKiller report:

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 07/04/2014  03:33:52

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] shopwit.exe -- C:\Users\owner\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe[-] -> KILLED [TermProc]
[suspicious.Path] rundll32.exe -- C:\Users\owner\AppData\Local\TB\APISupport\APISupport.dll[7] -> UNLOADED

¤¤¤ Registry Entries : 55 ¤¤¤
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SMessaging : C:\Users\owner\AppData\Local\Strongvault Online Backup\SMessaging.exe  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Run | APISupport : "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\owner\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Run | shopwit : C:\Users\owner\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Run | APISupport : "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\owner\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Run | shopwit : C:\Users\owner\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe  -> FOUND
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | upfst_us_99.exe : C:\Users\owner\AppData\Local\fst_us_99\upfst_us_99.exe -runonce  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service -> FOUND
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0F24BD3D-0509-4453-A39F-3CFEC256FB26} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{454F96F1-AE92-4873-9C39-12215B7DCE53} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{62CF3988-ABE0-40FB-8CD8-3C28FFB21524} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AEED83A-7749-4B05-AADA-09706C0D39FA} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84C4718D-0AFE-41C6-A32A-C70FDD0D7B70} | DhcpNameServer : 192.168.0.1 205.171.202.166  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A73E22EC-B49A-4D74-AF69-5E727CED3890} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD130B65-F022-41B7-9BCA-EF18E1AD302F} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0F24BD3D-0509-4453-A39F-3CFEC256FB26} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{454F96F1-AE92-4873-9C39-12215B7DCE53} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{62CF3988-ABE0-40FB-8CD8-3C28FFB21524} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AEED83A-7749-4B05-AADA-09706C0D39FA} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{84C4718D-0AFE-41C6-A32A-C70FDD0D7B70} | DhcpNameServer : 192.168.0.1 205.171.202.166  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A73E22EC-B49A-4D74-AF69-5E727CED3890} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD130B65-F022-41B7-9BCA-EF18E1AD302F} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0F24BD3D-0509-4453-A39F-3CFEC256FB26} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{454F96F1-AE92-4873-9C39-12215B7DCE53} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{62CF3988-ABE0-40FB-8CD8-3C28FFB21524} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AEED83A-7749-4B05-AADA-09706C0D39FA} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{84C4718D-0AFE-41C6-A32A-C70FDD0D7B70} | DhcpNameServer : 192.168.0.1 205.171.202.166  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A73E22EC-B49A-4D74-AF69-5E727CED3890} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DD130B65-F022-41B7-9BCA-EF18E1AD302F} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[suspicious.Path] MySearchDial.job -- C:\Users\owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\EPUpdater -- C:\Users\owner\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe -> FOUND
[suspicious.Path] \\MySearchDial -- C:\Users\owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\Shop-wit -- C:\Users\owner\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe (MyCmd) -> FOUND
[suspicious.Path] \\Updater21804.exe -- C:\Users\owner\AppData\Local\Updater21804\Updater21804.exe (/extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : MySearchDial [pflphaooapbgpeakohlggbpidpppgdff] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 74224fe0d99a685d8cd8cf3ee2175b44
[bSP] 430eaf6ed8558d670d2c84579f07828f : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30716280 | Size: 290246 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 57662baa5368a86c2b1ad9651f4a05d8
[bSP] 4e457821636859fd85d696ca97bf0667 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7396 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

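Two things in the RogueKiller report above are worth reading as a defender rather than just cleaning: every interface and every ControlSet carries the same static NameServer pair (75.126.206.18,184.173.169.186) while DHCP hands out different servers, which is the pattern of a DNS override planted by unwanted software, and the PUM.Policies lines show UAC switched off (EnableLUA and both ConsentPromptBehavior values at 0). The following script is an added example written for this thread; it is not part of RogueKiller or of any post here. It parses lines in the report's registry-entry format and flags exactly those two conditions. The sample lines are constructed to mirror the report (paths shortened, SID replaced by a placeholder), and the function names and the allowlist parameter are this example's own assumptions.

```python
"""Triage helper for RogueKiller-style "Registry Entries" lines.

Added example for this thread; it is not part of RogueKiller or of any post
here. It parses lines of the form

    [Category] (X64) HKEY_...\\Key | ValueName : data  -> FOUND

and flags the two conditions visible in the report above:
  * PUM.Dns      a static NameServer that matches neither what DHCP handed
                 out (DhcpNameServer) nor an explicit allowlist of resolvers
  * PUM.Policies UAC switched off (EnableLUA / ConsentPromptBehavior* = 0)
"""
import ipaddress
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<arch>X86|X64)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>\S+)\s+:\s*(?P<data>.*?)\s*->\s+(?P<status>\w+)\s*$"
)
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser"}

# Constructed sample in the report's format (paths shortened; the SID is a placeholder).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84C4718D-0AFE-41C6-A32A-C70FDD0D7B70} | DhcpNameServer : 192.168.0.1 205.171.202.166  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84C4718D-0AFE-41C6-A32A-C70FDD0D7B70} | NameServer : 192.168.0.1  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> FOUND
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    severity: str
    reason: str
    key: str
    name: str
    servers: tuple = ()   # resolvers that triggered a DNS finding


def parse_line(line):
    """Fields of one registry-entry line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def split_servers(data):
    """RogueKiller prints resolver lists either comma- or space-separated."""
    return [t for t in re.split(r"[,\s]+", data) if t]


def is_local(ip_text):
    """True for RFC 1918, loopback and link-local addresses (the router or the host itself)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(lines, allowlist=()):
    """Return Findings for the report lines. Two passes: first learn what DHCP
    handed out, then judge every static NameServer against that plus the allowlist."""
    entries = [e for e in map(parse_line, lines) if e]
    trusted = set(allowlist)
    for e in entries:
        if e["category"] == "PUM.Dns" and e["name"] == "DhcpNameServer":
            trusted.update(split_servers(e["data"]))

    findings = []
    for e in entries:
        cat, name, data = e["category"], e["name"], e["data"]
        if cat == "PUM.Dns" and name == "NameServer":
            foreign = tuple(s for s in split_servers(data)
                            if s not in trusted and not is_local(s))
            if foreign:
                findings.append(Finding("high", "static DNS override to unknown resolver(s)",
                                        e["key"], name, foreign))
        elif cat == "PUM.Policies" and name in UAC_VALUES and data == "0":
            findings.append(Finding("high", f"UAC weakened: {name}=0", e["key"], name))
    return findings


def rogue_resolvers(findings):
    """Distinct resolver addresses behind the DNS findings, ready for a reputation lookup."""
    return sorted({s for f in findings for s in f.servers})


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.reason}: {f.key} | {f.name} {' '.join(f.servers)}")
```

Run as a script it prints the two findings for the constructed sample; feed it the lines of a real report instead. The allowlist exists because a static NameServer on its own is not proof of tampering (an owner may have chosen a public resolver deliberately); what makes the entries in this thread suspicious is that one pair of unknown resolvers was written to every interface and every ControlSet while DHCP offers different servers, and that the same report shows the UAC prompts disabled. Removing the PUPs alone does not undo either setting, which is why the cleanup steps that follow matter.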

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.


STEP 05
Let's clean out any adware now (this will require a reboot, so save all your work).

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and, from the Dashboard, check for updates by clicking the Update Now... link.
Open Malwarebytes > Settings > Detection and Protection and enable Scan for rootkits. Under Non-Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


  • Root Admin

Wow, lots of ugly junk PUP stuff on this computer.


Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.



ComboFix 14-07-08.01 - owner 07/09/2014   0:53.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1578 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Secret Crush Revealer
c:\program files (x86)\Secret Crush Revealer\jsi.dll
c:\program files (x86)\Secret Crush Revealer\setup.ini
c:\program files (x86)\Secret Crush Revealer\Uninstaller.exe
c:\users\owner\AppData\Local\nsa8BE4.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 06:57 . 2014-07-09 06:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-09 06:00 . 2014-07-09 06:00    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D70D516D-B3FB-42BB-8077-B52250B1967A}\offreg.dll
2014-07-08 05:06 . 2014-07-08 05:06    --------    d-----w-    c:\program files (x86)\ESET
2014-07-08 04:33 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D70D516D-B3FB-42BB-8077-B52250B1967A}\mpengine.dll
2014-07-08 04:00 . 2014-07-08 04:06    --------    d-----w-    C:\AdwCleaner
2014-07-08 03:38 . 2014-07-08 03:38    --------    d-----w-    c:\windows\ERUNT
2014-07-04 08:22 . 2014-07-04 08:22    --------    d-----w-    c:\programdata\RogueKiller
2014-07-04 07:39 . 2014-07-04 07:39    --------    d-----w-    c:\program files (x86)\ERUNT
2014-06-29 01:21 . 2014-06-29 01:21    --------    d-----w-    c:\program files\CCleaner
2014-06-29 00:44 . 2014-06-29 00:45    --------    d-----w-    c:\program files\HijackThis
2014-06-29 00:18 . 2014-07-08 06:23    --------    d-----w-    C:\FRST
2014-06-29 00:16 . 2014-06-29 00:16    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieUserList
2014-06-29 00:16 . 2014-06-29 00:16    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieSiteList
2014-06-28 22:57 . 2014-06-28 22:57    --------    d-----w-    c:\program files\Speccy
2014-06-28 15:21 . 2014-06-28 15:21    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-06-14 11:52 . 2014-06-14 11:52    --------    d-----w-    c:\users\owner\AppData\Local\shopwit
2014-06-14 02:11 . 2014-07-08 04:29    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 02:10 . 2014-06-28 22:44    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-14 02:10 . 2014-06-14 02:10    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-14 02:10 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-14 02:10 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 02:10 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-14 01:16 . 2014-06-14 01:16    --------    d-----w-    c:\users\owner\AppData\Local\ShieldPlus
2014-06-14 01:10 . 2014-06-14 01:10    --------    d-----w-    c:\users\owner\AppData\Local\Programs
2014-06-14 00:55 . 2014-06-14 00:55    --------    d-----w-    c:\program files (x86)\GUM22F1.tmp
2014-06-14 00:44 . 2014-06-14 00:44    --------    d-----w-    c:\program files\pcmax
2014-06-14 00:34 . 2014-06-14 00:34    --------    d-----w-    c:\program files (x86)\YTDownloader
2014-06-14 00:34 . 2014-06-14 00:34    --------    d-----w-    c:\programdata\SearchModule
2014-06-14 00:34 . 2014-06-14 00:34    --------    d-----w-    c:\program files\Common Files\Goobzo
2014-06-14 00:33 . 2014-06-14 00:33    --------    d-----w-    c:\users\owner\AppData\Local\CrashRpt
2014-06-14 00:11 . 2014-06-14 00:11    --------    d-----w-    c:\users\owner\AppData\Local\TB
2014-06-14 00:05 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-14 00:05 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-14 00:05 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-14 00:05 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-14 00:05 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-14 00:05 . 2014-03-26 14:44    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-14 00:05 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-06-14 00:05 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-06-14 00:05 . 2014-03-26 14:27    1389056    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-06-14 00:05 . 2014-03-26 14:27    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-14 00:05 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2014-06-14 00:05 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-06-13 23:59 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-13 23:59 . 2014-06-08 09:08    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-13 23:52 . 2014-06-09 16:55    61120    ----a-w-    c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 05:47 . 2012-05-21 01:07    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 05:47 . 2011-06-19 18:25    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 12:15 . 2010-02-15 16:44    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-07 17:53 . 2013-12-20 23:22    325920    ----a-w-    c:\windows\SysWow64\Sendori.dll
2014-04-24 17:29 . 2014-05-17 17:45    61120    ----a-w-    c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys
2014-04-12 02:22 . 2014-05-17 17:45    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-17 17:45    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-17 17:45    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-17 17:45    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-17 17:45    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-17 17:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-17 17:45    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-17 17:45    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-17 17:45    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2009-04-08 18:31 . 2009-04-08 18:31    106496    ----a-w-    c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45    155648    ----a-w-    c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
"shopwit"="c:\users\owner\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe" [2014-05-13 510976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2014-05-07 83232]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
R2 SPDRIVER_1.36.1.172;SPDRIVER_1.36.1.172;c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys;c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys [x]
R2 Update Spring Smart;Update Spring Smart;c:\program files (x86)\Spring Smart\updateSpringSmart.exe;c:\program files (x86)\Spring Smart\updateSpringSmart.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCSP.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNSP.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWVsp.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 {a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64;{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64;c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys;c:\windows\SYSNATIVE\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys [x]
S1 {a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64;{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64;c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys;c:\windows\SYSNATIVE\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 pcmaxservice;pcmaxservice Service;c:\program files\pcmax\pcmax.exe;c:\program files\pcmax\pcmax.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 05:47]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884552425-3862824966-2796753314-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 10:32]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884552425-3862824966-2796753314-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 10:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-09-24 1022368]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{0F24BD3D-0509-4453-A39F-3CFEC256FB26}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4}\F6572786F657375623: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{454F96F1-AE92-4873-9C39-12215B7DCE53}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{62CF3988-ABE0-40FB-8CD8-3C28FFB21524}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{7AEED83A-7749-4B05-AADA-09706C0D39FA}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{A73E22EC-B49A-4D74-AF69-5E727CED3890}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{DD130B65-F022-41B7-9BCA-EF18E1AD302F}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tedj1r8l.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - c:\program files (x86)\Social Privacy\sp.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
Wow6432Node-HKCU-Run-BlockAndSurf - c:\program files (x86)\BlockAndSurf-soft\BlockAndSurf.exe
Wow6432Node-HKLM-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
MSConfigStartUp-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-1B0807BA-A294-A921-61B6-D02EA86BD410 - c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe
AddRemove-ASUSUSBDEVIC - c:\windows\uninstall.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
AddRemove-dnsshield - c:\program files (x86)\Social Privacy  DNS\uninstall.exe
AddRemove-ShopperPro - c:\program files (x86)\ShopperPro\SPremove.exe
AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe
AddRemove-sp@sp.com - c:\program files (x86)\Social Privacy\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-09  02:01:22
ComboFix-quarantined-files.txt  2014-07-09 07:01
.
Pre-Run: 241,230,622,720 bytes free
Post-Run: 244,532,154,368 bytes free
.
- - End Of File - - 2CD40C677A0BE334438704BF26E44B49
5C616939100B85E558DA92B899A0FC36

  • Root Admin

I would highly recommend that you uninstall the following software unless you absolutely are certain you want and use it.
Go to Control Panel, Add/Remove and uninstall these.

pcmax
shopwit

The same for this one - again unless you want it for sure and know about it.
Sendori

Then restart the computer and do the following.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

I removed sendori and shopwit. I could not find pcmax in the uninstall add/remove list. There are sites that claim to know how to find and remove it but of course I am skeptical. Based on limited research the program "Search module" seems like it may be it but I'm not sure. Much of the PUP arrived on one day after a bad download from an unknown site. These programs were installed on that day and all seem troublesome:

Shield Plus
YTDownloader
Shopper-pro
Search module
BlockAndSurf

And in the combofix list I saw a file with "coupon" in it. I think that's a bad one too.

Having removed the two I will scan again with Malwarebytes as instructed and get back to you with the log.


I also attempted to uninstall YTDownloader on the day it was installed. It sent me into some sort of loop that would open it and not uninstall it leading me to this board for help. There's also something called buenosearch that kept popping up. Here is the new MBAM log:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/07/10 04:03:24 -0500</date>
<logfile>mbam-log-2014-07-10 (04-03-21).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.07.09.13</malware-database>
<rootkit-database>v2014.07.09.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>owner</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>295912</objects>
<time>1288</time>
<processes>2</processes>
<modules>0</modules>
<keys>22</keys>
<values>4</values>
<datas>2</datas>
<folders>7</folders>
<files>14</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spsvc.exe</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><pid>1872</pid><hash>4d32227b7efd9e983f4e3884b9499769</hash></process>
<process><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spprt.exe</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><pid>336</pid><hash>89f6138ae4977eb89eb68c26e51de719</hash></process>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>a6d94b52daa172c425d580da61a1d927</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>a6d94b52daa172c425d580da61a1d927</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}</path><vendor>PUP.Optional.SocialPrivacy</vendor><action></action><hash>641bcad30e6d211524561342758d6f91</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}</path><vendor>PUP.Optional.SocialPrivacy</vendor><action></action><hash>641bcad30e6d211524561342758d6f91</hash></key>
<key><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}</path><vendor>PUP.Optional.SocialPrivacy</vendor><action></action><hash>641bcad30e6d211524561342758d6f91</hash></key>
<key><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}</path><vendor>PUP.Optional.SocialPrivacy</vendor><action></action><hash>641bcad30e6d211524561342758d6f91</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>3b44326b6714e74f7e7f5ffb986aa25e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>3b44326b6714e74f7e7f5ffb986aa25e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>3b44326b6714e74f7e7f5ffb986aa25e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}</path><vendor>PUP.Optional.FaceThemes</vendor><action></action><hash>3b44326b6714e74f7e7f5ffb986aa25e</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl</path><vendor>PUP.Optional.SearchToolbar</vendor><action></action><hash>4f30851881fab48207d04f39857d6f91</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1</path><vendor>PUP.Optional.SearchToolbar</vendor><action></action><hash>403f3865b5c6b284b324d2b6c73bcb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl</path><vendor>PUP.Optional.SearchToolbar</vendor><action></action><hash>403f3865b5c6b284b324d2b6c73bcb35</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1</path><vendor>PUP.Optional.SearchToolbar</vendor><action></action><hash>403f3865b5c6b284b324d2b6c73bcb35</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64</path><vendor>PUP.Optional.Sanbreel.A</vendor><action></action><hash>95eae9b4bebd55e10b9db65df410857b</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64</path><vendor>PUP.Optional.Sanbreel.A</vendor><action></action><hash>007f1489dd9ee74f97129380d133c23e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Coupon Companion</path><vendor>PUP.Optional.CouponCompanion.A</vendor><action></action><hash>b0cfd5c8c6b53ff7d7dac8fcd32f6799</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Spring Smart</path><vendor>PUP.Optional.SpringSmart.A</vendor><action></action><hash>aed12d70fd7ecd69b9d2a6588d769d63</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>4d32227b7efd9e983f4e3884b9499769</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar</path><vendor>PUP.Optional.iWebar.A</vendor><action></action><hash>dba4207d275475c1a75c4b8e887a37c9</hash></key>
<key><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Companion Plugin</path><vendor>PUP.Optional.CouponCompanion.A</vendor><action></action><hash>a5da524b6b10f343c8e71da7986aed13</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\spprt</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>89f6138ae4977eb89eb68c26e51de719</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY</path><valuename>AppPath</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action></action><valuedata>C:\Program Files (x86)\Mysearchdial\1.8.29.0\</valuedata><hash>5a25debf87f434023b09050e44c0659b</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE</path><valuename>ImagePath</valuename><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><valuedata>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spsvc.exe</valuedata><hash>4d32227b7efd9e983f4e3884b9499769</hash></value>
<value><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.QuickStart.A</vendor><action></action><valuedata>quick_start@gmail.com</valuedata><hash>1f603766c5b657dfe4d417a417ebfd03</hash></value>
<value><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>{C9BD4C68-D86F-71D3-5841-B16F1DEC93F6}</valuename><vendor>PUP.Optional.BlockAndSurf</vendor><action></action><valuedata>C:\Program Files (x86)\BlockAndSurf-soft\173.xpi</valuedata><hash>afd07726aecd9c9a9efb19fada2a57a9</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action></action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>90ef118c106b55e14ab17a1faf55ca36</hash></data>
<data><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED</path><valuename>Start_ShowSearch</valuename><vendor>PUM.Hijack.StartMenu</vendor><action></action><valuedata>0</valuedata><baddata>0</baddata><gooddata>1</gooddata><hash>700f04995d1eef4786b60b8b58aca45c</hash></data>
<folder><path>C:\Users\owner\AppData\Local\Updater21804</path><vendor>PUP.Optional.CrossRider.A</vendor><action></action><hash>225d900dd2a93afc8479acf2d1312ed2</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma</path><vendor>PUP.Optional.QuickStart.A</vendor><action></action><hash>611e128bd7a4cc6af876c2e0d52d9e62</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>89f6138ae4977eb89eb68c26e51de719</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn</path><vendor>PUP.Optional.SocialPrivacy</vendor><action></action><hash>7807f4a93645d66059f80ba9639f837d</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijbcfomobdddpdojnddegfbelckhiij</path><vendor>PUP.Optional.BlockAndSurf.A</vendor><action></action><hash>4e31cecf5e1d7cbaba99684c43bfb54b</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\TB\APISupport</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></folder>
<folder><path>C:\Users\owner\AppData\Local\TB\APISupport\MiniSP_1.0.2.133</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></folder>
<file><path>C:\Temp\sp-downloader.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action></action><hash>a8d7bde009727bbbba17cbbcc0418779</hash></file>
<file><path>C:\Users\owner\AppData\Local\Updater21804\Updater21804.exe</path><vendor>PUP.Optional.CouponCompanion.A</vendor><action></action><hash>9be4e9b41f5cf046cd80daa9d42d8779</hash></file>
<file><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage</path><vendor>PUP.Optional.BetterDeals.A</vendor><action></action><hash>1c6376273744b97d80a6219fdf23d828</hash></file>
<file><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal</path><vendor>PUP.Optional.BetterDeals.A</vendor><action></action><hash>1a65eab35d1e94a273b3d4ec6999649c</hash></file>
<file><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>c8b7adf0205b43f39b182b9aa45ea15f</hash></file>
<file><path>C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>e69958457803ae889b189f266f93b749</hash></file>
<file><path>C:\Windows\System32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action></action><hash>a475bf47c5d7c7001defe46f6ab9257b</hash></file>
<file><path>C:\Windows\System32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action></action><hash>c22d6e7bc28e0f3291bdee8bd36c2639</hash></file>
<file><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spsvc.exe</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>4d32227b7efd9e983f4e3884b9499769</hash></file>
<file><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\Data</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>89f6138ae4977eb89eb68c26e51de719</hash></file>
<file><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spprt.exe</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>89f6138ae4977eb89eb68c26e51de719</hash></file>
<file><path>C:\Users\owner\AppData\Local\TB\APISupport\APISupport.dll</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></file>
<file><path>C:\Users\owner\AppData\Local\TB\APISupport\APISupport.old</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></file>
<file><path>C:\Users\owner\AppData\Local\TB\APISupport\MiniSP_1.0.2.133\MiniSP.dll</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></file>
</items>
</mbam-log>

  • Root Admin

Can you please use copy/paste or export the log to a Text file. The default xml file is not very user friendly for review.

Then please run FRST again and make sure you place a check mark in the ADDITIONS.TXT check box and get both logs and post back and we'll look at doing manual removals as needed.

Thanks

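The XML log posted above is the format the Root Admin asks to have exported as text. The script below is an example added here, not code from the thread or from Malwarebytes: it parses that <mbam-log> structure into a per-vendor text summary and checks the <summary> counters against the items actually listed. The embedded sample is constructed from six entries of the posted log, with the counters reduced to match.

```python
"""Render a Malwarebytes Anti-Malware 2.x XML scan log as reviewable text."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: six entries copied from the log posted in this thread,
# with the <summary> counters reduced to match them. Malwarebytes saves the
# real file as UTF-16, which the declaration reflects.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header><date>2014/07/10 04:03:24 -0500</date><isadmin>yes</isadmin></header>
<summary><type>threat</type><result>completed</result><objects>295912</objects>
<processes>1</processes><modules>0</modules><keys>1</keys><values>1</values>
<datas>1</datas><folders>1</folders><files>1</files><sectors>0</sectors></summary>
<items>
<process><path>C:\Users\owner\AppData\Local\ShieldPlus\spprt\spsvc.exe</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><pid>1872</pid><hash>4d32227b7efd9e983f4e3884b9499769</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE</path><vendor>PUP.Optional.ShieldPlus.A</vendor><action></action><hash>4d32227b7efd9e983f4e3884b9499769</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY</path><valuename>AppPath</valuename><vendor>PUP.Optional.MySearchDial.A</vendor><action></action><valuedata>C:\Program Files (x86)\Mysearchdial\1.8.29.0\</valuedata><hash>5a25debf87f434023b09050e44c0659b</hash></value>
<data><path>HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED</path><valuename>Start_ShowSearch</valuename><vendor>PUM.Hijack.StartMenu</vendor><action></action><valuedata>0</valuedata><baddata>0</baddata><gooddata>1</gooddata><hash>700f04995d1eef4786b60b8b58aca45c</hash></data>
<folder><path>C:\Users\owner\AppData\Local\TB\APISupport</path><vendor>PUP.Optional.Conduit.A</vendor><action></action><hash>136ccdd01b60d660aad0763e37cbe51b</hash></folder>
<file><path>C:\Windows\System32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action></action><hash>c22d6e7bc28e0f3291bdee8bd36c2639</hash></file>
</items>
</mbam-log>
"""
SAMPLE_BYTES = SAMPLE_LOG.encode("utf-16")

# <summary> counter -> the <items> child tag it claims to count.
COUNTERS = {"processes": "process", "modules": "module", "keys": "key",
            "values": "value", "datas": "data", "folders": "folder",
            "files": "file", "sectors": "sector"}
ITEM_FIELDS = ("path", "vendor", "action", "pid", "valuename", "valuedata",
               "baddata", "gooddata", "hash")


def parse_log(data):
    """Parse log bytes (or decoded text) into {'date', 'summary', 'items'}."""
    if isinstance(data, str):
        # expat refuses a multi-byte encoding declaration on already-decoded
        # text, so re-encode to match whatever the declaration says.
        data = data.encode("utf-16" if 'encoding="UTF-16"' in data[:80] else "utf-8")
    root = ET.fromstring(data)
    if root.tag != "mbam-log":
        raise ValueError("not an mbam-log document: <%s>" % root.tag)
    summary = {}
    for c in root.iterfind("summary/*"):
        text = (c.text or "").strip()
        summary[c.tag] = int(text) if text.isdigit() else text
    items = []
    for el in root.iterfind("items/*"):
        item = {"kind": el.tag}
        for f in ITEM_FIELDS:
            item[f] = (el.findtext(f) or "").strip()
        items.append(item)
    return {"date": (root.findtext("header/date") or "").strip(),
            "summary": summary, "items": items}


def check_counts(report):
    """Return {counter: (declared, listed)} for every <summary> counter that
    disagrees with the items actually listed; empty when the log is consistent."""
    listed = defaultdict(int)
    for item in report["items"]:
        listed[item["kind"]] += 1
    declared = report["summary"]
    return {name: (declared.get(name, 0), listed[tag])
            for name, tag in COUNTERS.items() if declared.get(name, 0) != listed[tag]}


def group_by_vendor(items):
    """Group detections by detection name (PUP.Optional.*, PUM.*)."""
    groups = defaultdict(list)
    for item in items:
        groups[item["vendor"]].append(item)
    return dict(groups)


def render_text(report):
    """Produce the plain-text view a helper can read at a glance."""
    s = report["summary"]
    lines = ["Malwarebytes %s scan %s: %s, %s objects, %d detections" % (
        s.get("type"), report["date"], s.get("result"), s.get("objects"),
        len(report["items"]))]
    for name, (declared, listed) in sorted(check_counts(report).items()):
        lines.append("WARNING: summary claims %s %s but %d are listed" % (declared, name, listed))
    for vendor, items in sorted(group_by_vendor(report["items"]).items()):
        lines.append("\n%s (%d)" % (vendor, len(items)))
        for it in items:
            detail = it["path"]
            if it["valuename"]:
                detail += " : %s = %s" % (it["valuename"], it["valuedata"])
            if it["gooddata"]:  # PUM entries also carry the expected value
                detail += " (expected %s)" % it["gooddata"]
            if it["pid"]:
                detail += " (pid %s)" % it["pid"]
            # An empty <action> records no quarantine or removal for the item.
            lines.append("  %-7s %s [%s]" % (it["kind"], detail, it["action"] or "no action"))
    return "\n".join(lines)
```

Run `print(render_text(parse_log(open("mbam-log.xml", "rb").read())))` against a real log to get the vendor-grouped text view; a counter mismatch warning means the file was truncated or edited.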

  • Root Admin

Let's have you do the following.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please run TFC by OldTimer to clear temporary files:
  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then reboot and run Combofix again and post back the new log.


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 15 01:43:23 2014

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

ComboFix 14-07-14.01 - owner 07/15/2014   1:52.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1588 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-15 to 2014-07-15  )))))))))))))))))))))))))))))))
.
.
2014-07-15 07:03 . 2014-07-15 07:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-15 06:54 . 2014-07-15 06:54    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E09582D1-0119-4BE2-8DD8-E9208C2FC5C8}\offreg.dll
2014-07-15 06:45 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E09582D1-0119-4BE2-8DD8-E9208C2FC5C8}\mpengine.dll
2014-07-10 07:18 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-07-10 07:18 . 2014-06-03 10:02    1389568    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2014-07-10 07:18 . 2014-06-03 10:02    1380864    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2014-07-10 07:18 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 07:18 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 07:16 . 2014-06-19 01:40    871936    ----a-w-    c:\program files\Internet Explorer\iedvtool.dll
2014-07-10 07:16 . 2014-06-19 00:41    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-07-10 07:16 . 2014-06-18 22:23    360960    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
2014-07-10 07:16 . 2014-06-20 20:14    293048    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2014-07-10 07:16 . 2014-06-19 00:14    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 07:16 . 2014-06-18 23:53    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-07-10 07:16 . 2014-06-18 23:50    977408    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-07-10 07:16 . 2014-06-19 01:39    23464448    ----a-w-    c:\windows\system32\mshtml.dll
2014-07-10 07:14 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-10 07:13 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-10 07:13 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-08 05:06 . 2014-07-08 05:06    --------    d-----w-    c:\program files (x86)\ESET
2014-07-08 04:00 . 2014-07-08 04:06    --------    d-----w-    C:\AdwCleaner
2014-07-08 03:38 . 2014-07-08 03:38    --------    d-----w-    c:\windows\ERUNT
2014-07-04 08:22 . 2014-07-04 08:22    --------    d-----w-    c:\programdata\RogueKiller
2014-07-04 07:39 . 2014-07-04 07:39    --------    d-----w-    c:\program files (x86)\ERUNT
2014-06-29 01:21 . 2014-06-29 01:21    --------    d-----w-    c:\program files\CCleaner
2014-06-29 00:44 . 2014-06-29 00:45    --------    d-----w-    c:\program files\HijackThis
2014-06-29 00:18 . 2014-07-08 06:23    --------    d-----w-    C:\FRST
2014-06-29 00:16 . 2014-06-29 00:16    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieUserList
2014-06-29 00:16 . 2014-06-29 00:16    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieSiteList
2014-06-28 22:57 . 2014-06-28 22:57    --------    d-----w-    c:\program files\Speccy
2014-06-28 15:21 . 2014-06-28 15:21    --------    d-----w-    c:\programdata\Kaspersky Lab
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 09:00 . 2014-06-14 02:11    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-10 08:03 . 2010-02-15 16:44    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-10 06:57 . 2012-05-21 01:07    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 06:57 . 2011-06-19 18:25    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-09 16:55 . 2014-06-13 23:52    61120    ----a-w-    c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys
2014-05-12 12:26 . 2014-06-14 02:10    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-12 12:26 . 2014-06-14 02:10    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 12:25 . 2014-06-14 02:10    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-25 02:34 . 2014-06-14 00:05    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-14 00:05    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-04-24 17:29 . 2014-05-17 17:45    61120    ----a-w-    c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys
2009-04-08 18:31 . 2009-04-08 18:31    106496    ----a-w-    c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45    155648    ----a-w-    c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SPDRIVER_1.36.1.172;SPDRIVER_1.36.1.172;c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys;c:\program files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys [x]
R2 Update Spring Smart;Update Spring Smart;c:\program files (x86)\Spring Smart\updateSpringSmart.exe;c:\program files (x86)\Spring Smart\updateSpringSmart.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCSP.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNSP.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWVsp.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 {a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64;{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64;c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys;c:\windows\SYSNATIVE\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys [x]
S1 {a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64;{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64;c:\windows\system32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys;c:\windows\SYSNATIVE\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 pcmaxservice;pcmaxservice Service;c:\program files\pcmax\pcmax.exe;c:\program files\pcmax\pcmax.exe [x]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 06:57]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884552425-3862824966-2796753314-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 10:32]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884552425-3862824966-2796753314-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 10:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-09-24 1022368]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{0F24BD3D-0509-4453-A39F-3CFEC256FB26}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{26515128-BE00-4B6B-9B9E-1A1FF0F61BF4}\F6572786F657375623: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{454F96F1-AE92-4873-9C39-12215B7DCE53}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{62CF3988-ABE0-40FB-8CD8-3C28FFB21524}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{7AEED83A-7749-4B05-AADA-09706C0D39FA}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{A73E22EC-B49A-4D74-AF69-5E727CED3890}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{DD130B65-F022-41B7-9BCA-EF18E1AD302F}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tedj1r8l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-1B0807BA-A294-A921-61B6-D02EA86BD410 - c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe
AddRemove-ASUSUSBDEVIC - c:\windows\uninstall.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
AddRemove-dnsshield - c:\program files (x86)\Social Privacy  DNS\uninstall.exe
AddRemove-ShopperPro - c:\program files (x86)\ShopperPro\SPremove.exe
AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe
AddRemove-sp@sp.com - c:\program files (x86)\Social Privacy\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-884552425-3862824966-2796753314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-15  02:06:20
ComboFix-quarantined-files.txt  2014-07-15 07:06
ComboFix2.txt  2014-07-09 07:01
.
Pre-Run: 243,360,452,608 bytes free
Post-Run: 242,927,726,592 bytes free
.
- - End Of File - - F5253A4D72A6C60AEA62861DEFB051D1
5C616939100B85E558DA92B899A0FC36
 

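Two findings in the ComboFix log above are worth checking on any machine that ends up in this state: the UAC policy values (EnableLUA and both ConsentPromptBehavior values are 0, which is UAC switched off with silent elevation) and the per-interface DNS entries, where every interface carries the same static NameServer pair even though DHCP supplied different servers. The following read-only audit is an added example and not part of the thread or of any of the tools used in it; it reads the same registry locations ComboFix reports from and assumes Windows 7 or later with PowerShell 3 or later in an elevated session. The registry paths are the real ones; the function names are my own.

```powershell
# Added example (not from the thread): read-only audit of UAC policy values and of
# static DNS servers set per interface. Assumes Windows 7+, PowerShell 3+, elevated.

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # EnableLUA=0 switches UAC off entirely; ConsentPromptBehaviorAdmin=0 elevates
    # without any prompt. Secure baseline: EnableLUA=1, ConsentPromptBehaviorAdmin=2 or 5.
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
        UacDisabled                = ($p.EnableLUA -eq 0)
    }
}

function Get-InterfaceDnsOverrides {
    $tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    # -Recurse because ComboFix also reported a NameServer on a subkey of an interface GUID.
    Get-ChildItem -Path "$tcpip\Interfaces" -Recurse | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.NameServer) {
            # NameServer and DhcpNameServer are space- or comma-separated lists.
            $static = @($p.NameServer     -split '[, ]+' | Where-Object { $_ })
            $dhcp   = @($p.DhcpNameServer -split '[, ]+' | Where-Object { $_ })
            [pscustomobject]@{
                Interface = $_.PSPath -replace '.*\\Interfaces\\', ''
                StaticDns = ($static -join ',')
                DhcpDns   = ($dhcp -join ',')
                # True when a static server is not among the DHCP-assigned ones (or none
                # came from DHCP). That is the configuration a DNS-changing PUP leaves behind;
                # it is also what a deliberate static setup looks like, so verify, don't assume.
                Overrides = [bool]($static | Where-Object { $dhcp -notcontains $_ })
            }
        }
    }
}

Get-UacPolicy | Format-List
$overrides = Get-InterfaceDnsOverrides
$overrides | Format-Table -AutoSize
if ($overrides | Where-Object { $_.Overrides }) {
    Write-Warning 'Static DNS servers differ from the DHCP-assigned ones on at least one interface; confirm they are servers you configured.'
}
```

The registry is read directly rather than through Get-DnsClientServerAddress because that cmdlet only exists on Windows 8 / Server 2012 and later, while this thread concerns Windows 7. Nothing is changed; once an unexpected static server is confirmed to be unwanted, the usual fix is to set the adapter back to obtaining DNS automatically in the adapter's IPv4 properties.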

  • Root Admin

How is the computer running now?

 

Are you still seeing any signs of an infection?

 

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Here is the Security Check log. It is still running sluggishly, especially online, and the homepage has gone to something called Tuvaro. Those strange programs that installed on the same day need to go, and I wondered if there was anything else you saw in the logs from Combofix or Malwarebytes. Also, will it need a Javascript update since that last thing we did?

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro AntiVirus   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 HijackThis 1.99.1    
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 15.0.1 Firefox out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro Internet Security SfCtlCom.exe  
 Trend Micro Internet Security UfSeAgnt.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 


  • Root Admin

Please update your antivirus and do a Full System scan and let me know if it finds anything or not.
 
Then let me have you run these again.
 
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

 

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

 

Then restart the computer and let me know what sites or homepage issues you still have. Run FRST again, make sure you put a check mark in the ADDITIONS.TXT check box, and post back both new logs along with a description of the current issues you're having or seeing, please.

 


Remember, this isn't my computer so I don't know why the antivirus was never updated.

 

I completed a Kaspersky scan and it found the following:

 

Detailed report
Problems found
    Scanning date: 07/17/2014 03:06 AM
    Anti-Virus database update date: 07/16/2014 07:32 PM
    Product version: 12.0.1.881

Computer protection (1)

Information about anti-virus software and firewalls installed on the computer.
Kaspersky Lab recommends
Anti-virus is disabled.

Malware (4)

Information about malware detected on the computer.
Kaspersky Lab recommends

    UDS:DangerousPattern.Multi.Generic
    BlockAndSurfe87.exe.vir  
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurf-soft
    UDS:DangerousObject.Multi.Generic
    spdns.exe  
    C:\Program Files (x86)\sp
    Trojan-Downloader.Win32.DNSChanger.a
    dnswatch.exe  
    C:\Program Files (x86)\sp\spdns.exe/
    HEUR:Trojan.Win32.Generic
    jsi.dll.vir  
    C:\Qoobox\Quarantine\C\Program Files (x86)\Secret Crush Revealer

Vulnerabilities (6)

Information about applications and operating system components in which vulnerabilities have been detected.

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

Other issues (14)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

    "Process termination timeout is out of admissible values"
    "Service termination timeout is out of admissible values"
    "Autorun from hard drives is allowed"
    "Autorun from network drives is enabled"
    "CD/DVD autorun is enabled"
    "Removable media autorun is enabled"
    "Windows Explorer - show extensions of known file types"
    "Microsoft Internet Explorer - disable caching data received via protected channel"
    "Microsoft Internet Explorer: disable sending error reports"
    "Microsoft Internet Explorer: delete cookies"
    "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    "Windows Explorer: display of known file types extensions is disabled"
    "Microsoft Internet Explorer: start page reset"
 

Here is Adw log:

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 14:25:29
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\Utilities\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SMUpd
Service Deleted : SMUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn
Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
File Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\owner\Desktop\Search.lnk
File Deleted : C:\Windows\System32\Tasks\YTDownloader

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\owner\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\Software\GlobalUpdate

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tedj1r8l.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3209604
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3209604&UP=SP3B83E460-5045-4313-90CE-8676BCA6DF47&SSPV=
Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_24_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCzy0BzzyDtCyB0DyByBtN0D0Tzu0SzzzyyDtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyB0CyCtCzz0F0F0AtGtByB0F0AtGtByEtBtBtG0CtB0EtDtGtA0FtCyD0AtDtCzzyDyDzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CtDtC0C0CyBtAtGtC0AtBzytGtBtA0C0EtGyE0Czy0AtGtAyE0EyEzytAzztCtBtCtB0B2Q&cr=959028116&ir=
Deleted [search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8740625D3FAD4AE&affID=128854&tt=120614_shldpol&tsp=5278
Deleted [search Provider] : hxxp://www-search.net/search.aspx?s=E6Ezadku1,af569a2e-65dc-4e63-90e2-6616f826593c,&q={searchTerms}
Deleted [search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1403965553&from=adks&uid=HitachiXHTS545032B9A300_091214PBPC00QDELX4GMX&i=psd&t=344d4246b&q={searchTerms}

*************************

AdwCleaner[R0].txt - [27124 octets] - [07/07/2014 23:01:14]
AdwCleaner[R1].txt - [5867 octets] - [19/07/2014 14:17:43]
AdwCleaner[s0].txt - [24298 octets] - [07/07/2014 23:06:15]
AdwCleaner[s1].txt - [4839 octets] - [19/07/2014 14:25:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4899 octets] ##########
 

 

And JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by owner on Sat 07/19/2014 at 13:56:53.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] update spring smart
Successfully deleted: [service] update spring smart



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{972287BF-59CA-449F-B86C-E1AEAB714937}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/19/2014 at 14:13:36.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

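Most of the "Other issues" Kaspersky lists in the post above (autorun allowed on hard drives, network drives, CD/DVD and removable media; extensions of known file types hidden) come down to two registry values. The script below is an added example, not part of the thread or of Kaspersky's product: it decodes the NoDriveTypeAutoRun bitmask per drive type and reports the HideFileExt setting, without changing anything. The registry paths and the bit layout (one bit per Win32 DRIVE_* type) are real; the function name is my own, and the 0x91 value used as a fallback when no policy is set is assumed here to be the Windows 7 default. Assumes PowerShell 3 or later.

```powershell
# Added example (not from the thread): decode the AutoRun policy and the hidden-extension
# setting behind Kaspersky's "Other issues". Read-only; remediation is shown commented out.

# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES AutoRun for that drive type.
# Bit n corresponds to Win32 drive type n (2=removable, 3=fixed, 4=remote, 5=CD-ROM, 6=RAM disk).
$driveTypeBits = [ordered]@{
    0x04 = 'Removable media (USB sticks)'
    0x08 = 'Fixed (hard) drives'
    0x10 = 'Network drives'
    0x20 = 'CD/DVD'
    0x40 = 'RAM disks'
}

function Get-AutorunPolicy {
    param([string]$Hive)   # 'HKLM' (machine policy, takes precedence) or 'HKCU'
    $key = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        # Assumption: with no policy value present, Windows 7 behaves as if 0x91 were set,
        # which leaves removable, fixed and CD/DVD drives with AutoRun allowed.
        $value  = 0x91
        $source = 'built-in default (assumed 0x91)'
    } else {
        $source = $key
    }
    $allowed = $driveTypeBits.GetEnumerator() |
        Where-Object { -not ($value -band $_.Key) } |
        ForEach-Object { $_.Value }
    [pscustomobject]@{
        Hive               = $Hive
        NoDriveTypeAutoRun = ('0x{0:X2}' -f $value)
        Source             = $source
        AutorunAllowedOn   = ($allowed -join ', ')
        Hardened           = (($value -band 0xFF) -eq 0xFF)   # 0xFF disables every drive type
    }
}

'HKLM', 'HKCU' | ForEach-Object { Get-AutorunPolicy -Hive $_ } | Format-List

# With extensions hidden, a file named "invoice.pdf.exe" is displayed as "invoice.pdf".
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
$state = if ($hideExt -eq 0) { 'extensions shown' } else { 'extensions hidden' }
"HideFileExt = $hideExt ($state)"

# Remediation, for an elevated session after reviewing the audit (Explorer restart needed
# for HideFileExt to take effect in open windows):
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
# Set-ItemProperty -Path $adv -Name HideFileExt -Type DWord -Value 0
```

Reading both hives matters because a value under HKCU is what the user's own Explorer session honours when no machine policy exists, while an HKLM policy overrides it; the audit prints both so the effective setting is clear.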

  • Root Admin

Please restart the computer and run the following. For the most part the system is probably reasonably clean now but the out of date applications need program updates from their respective home pages.

 

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > enable Scan for rootkits. Under Non-Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 


It is running much better, thanks. This looks like registry strands and all look like PUP.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/26/2014
Scan Time: 8:23:07 PM
Logfile: Malware0726.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.27.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309169
Time Elapsed: 17 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, , [2a773c643744a78f3d4b6403f0121ce4],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, , [2a773c643744a78f3d4b6403f0121ce4],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}, , [1d849709354648ee2a61204735cd48b8],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}, , [1d849709354648ee2a61204735cd48b8],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}, , [1d849709354648ee2a61204735cd48b8],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}, , [1d849709354648ee2a61204735cd48b8],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64, , [2c75aff1e4973df9fbe0399179897a86],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64, , [dcc5d1cf6a1186b067743bef8d770bf5],
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\Coupon Companion, , [7e234b5539423cfaf51f26b6e2202dd3],
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [049da9f73e3d3bfbc47112dea2609d63],
PUP.Optional.CouponCompanion.A, HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Companion Plugin, , [6c35f6aa19624ceaef238755768cb947],

Registry Values: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, , [b9e8356b62193ef8d5a367c3ec18ed13]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, , [ebb6633d96e5af87b867b61d52b011ef]
PUP.Optional.BlockAndSurf, HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{C9BD4C68-D86F-71D3-5841-B16F1DEC93F6}, C:\Program Files (x86)\BlockAndSurf-soft\173.xpi, , [8b167b254e2d9d99359787a31ce8ed13]

Registry Data: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[8f12c3dd99e27db9ad99684e3cc8837d]
PUM.Hijack.StartMenu, HKU\S-1-5-21-884552425-3862824966-2796753314-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),,[524f752b037855e1bec97240976d28d8]

Folders: 4
PUP.Optional.CrossRider.A, C:\Users\owner\AppData\Local\Updater21804, , [e7ba722e0b70f4422e793e6d21e1857b],
PUP.Optional.BlockAndSurf.A, C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijbcfomobdddpdojnddegfbelckhiij, , [1c85d4ccfe7dfd3953a34f71e919d927],
PUP.Optional.Conduit.A, C:\Users\owner\AppData\Local\TB\APISupport, , [029ff4ac6219d6601b023d84986a3fc1],
PUP.Optional.Conduit.A, C:\Users\owner\AppData\Local\TB\APISupport\MiniSP_1.0.2.133, , [029ff4ac6219d6601b023d84986a3fc1],

Files: 7
PUP.Optional.SearchProtect.A, C:\Temp\sp-downloader.exe, , [465bd8c8e89361d53eb82267649d1fe1],
PUP.Optional.CouponCompanion.A, C:\Users\owner\AppData\Local\Updater21804\Updater21804.exe, , [b9e8168a3b400036f87999ecdc25758b],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}Gw64.sys, , [a475bf47c5d7c7001defe46f6ab9257b],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}w64.sys, , [c22d6e7bc28e0f3291bdee8bd36c2639],
PUP.Optional.Conduit.A, C:\Users\owner\AppData\Local\TB\APISupport\APISupport.dll, , [029ff4ac6219d6601b023d84986a3fc1],
PUP.Optional.Conduit.A, C:\Users\owner\AppData\Local\TB\APISupport\APISupport.old, , [029ff4ac6219d6601b023d84986a3fc1],
PUP.Optional.Conduit.A, C:\Users\owner\AppData\Local\TB\APISupport\MiniSP_1.0.2.133\MiniSP.dll, , [029ff4ac6219d6601b023d84986a3fc1],

Physical Sectors: 0
(No malicious items detected)


(end)

  • Root Admin

Those items need to be removed but the logs show that you did not ask to have them removed. Please run the scan again and make sure you tell it to remove them. Then restart the computer and run a new MBAM scan and it should come back clean this time.

 

Post back the new log when ready


I think the laptop can be given a clean bill of health. It runs much better. Thanks for all of your help. Is there anything more you can think I need to do?

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/29/2014 11:50:53 PM, SYSTEM, OWNER-PC, Manual, Malware Database, 2014.7.27.2, 2014.7.30.3,

(end)


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 
