
MBAM unable to start and possible adware infections



Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page (screenshot: reply1.jpg).

New window that comes up (screenshot: replyer1.jpg).

Last................

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted click Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here's the FRST thing

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Owner (administrator) on MARYROSE on 22-08-2014 16:47:00
Running from C:\Users\Owner\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Sony NSCE) C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(i-Funbox.com) C:\Program Files\iFunbox 2014\iFunBox2014.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-29] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iSBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-04] (Sony Corporation)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [36864 2013-02-14] (Sony NSCE)
HKLM\...\Run: [AML] => C:\Program Files\Sony\VAIO Launcher\AML.exe [1093632 2008-03-27] (Sony)
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2008-04-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [Registry Helper] => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1483241160-1375744405-2248477392-1000\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-04-23] (Sony Corporation)
HKU\S-1-5-21-1483241160-1375744405-2248477392-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1483241160-1375744405-2248477392-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-20] (Google Inc.)
HKU\S-1-5-21-1483241160-1375744405-2248477392-1000\...\Run: [iFunBox Price Watch] => C:\Program Files\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)
HKU\S-1-5-21-1483241160-1375744405-2248477392-1000\...\MountPoints2: {722c22f8-7582-11e3-ad38-001dba2029d1} - I:\InnoTabSetup.exe
AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => c:\progra~2\wincert\win32c~1.dll File Not Found
AppInit_DLLs:  c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\progra~1\movies~1\datamngr\mgrldr.dll File Not Found
AppInit_DLLs:  c:\progra~2\browse~3\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-05] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://partnerpage.google.com/eu.sony.com/uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://partnerpage.google.com/eu.sony.com/uk
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ttopbuoyeor -> {661A3611-1A61-89C6-AB8D-9E25DEDD2F03} -> C:\ProgramData\ttopbuoyeor\QIP.dll ()
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Google BAE\BAE.dll (Your Company Name)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Rich Media View -> {fa87609f-75d5-4630-907c-81680d0f0c20} -> C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ie\RichMediaViewV1release1520.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-07]
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ff [2014-05-15]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://rocket-find.com/?f=7&a=rckt_ir_14_28_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0EtA0D0E0BzztAyB0C0C0BtD0FtN0D0Tzu0SzytByEtN1L2XzutBtFtBtCtFtCyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtDtDyBzzyEtDyCtGtAzz0E0AtG0B0C0A0CtGyE0C0AtDtGtAtBzyyDtC0Azy0DtA0FtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0A0D0EyDtD0EtG0C0D0EzytGyCyDtDyEtGzz0FzztDtGtC0F0AyE0A0C0ByEtBtC0DtD2Q&cr=1835438364&ir=", "hxxp://www.sweet-page.com/?type=hp&ts=1405184145&from=cor&uid=WDCXWD2500BEVT-00A23T0_WD-WXD1E91KSZX4KSZX4"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR HKLM\...\Chrome\Extension: [befemjbgfaebncdgcmdliiildoibpehj] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ch\RichMediaViewV1release1520.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [clgoeeicknhpggacngcfnjmadjjdlagk] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1614\ch\MediaViewerV1alpha1614.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [djknjkehhghmknkjfoimpiojnfbiojik] - C:\Program Files\MediaViewV1\MediaViewV1alpha258\ch\MediaViewV1alpha258.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [ejmgneaabhkhighadeedpldmbpomacmc] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6355\ch\MediaBuzzV1mode6355.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [fioihcgnlehhnjhngcgepgaheiimlfcl] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta938\ch\VideoPlayerV3beta938.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [gepmeanipmghceblfenndojkpnbeajgj] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha7181\ch\WebexpEnhancedV1alpha7181.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [jpkafboaapoekmgncoomafekeanfcngc] - C:\Program Files\MediaViewV1\MediaViewV1alpha1130\ch\MediaViewV1alpha1130.crx [2013-10-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [186192 2014-08-05] () [File not signed]
R2 AdobeActiveFileMonitor6.0; c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-05-01] (Intel® Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-05-16] (Macrovision Europe Ltd.) [File not signed]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [689032 2014-07-12] (Cherished Technololgy LIMITED) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [229376 2008-04-04] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-01] (Intel® Corporation) [File not signed]
R2 RtkHDMIService; C:\Windows\RtkAudioService.exe [98304 2008-04-29] (Realtek Semiconductor) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-05] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-05] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-10] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-05-13] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-04-24] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation) [File not signed]
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-12] (Fuyu LIMITED) [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
S2 Util GreyGray; "C:\Program Files\GreyGray\bin\utilGreyGray.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-31] (ArcSoft, Inc.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [142624 2008-04-28] (Realtek Semiconductor Corp.)
R1 {f551efce-3692-4ed5-8201-c1c7dbef1744}t; C:\Windows\System32\drivers\{f551efce-3692-4ed5-8201-c1c7dbef1744}t.sys [55224 2014-04-24] (StdLib)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 16:47 - 2014-08-22 16:47 - 00022235 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-22 16:46 - 2014-08-22 16:47 - 00000000 ____D () C:\FRST
2014-08-22 16:46 - 2014-08-22 16:46 - 01094144 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-08-22 16:45 - 2014-08-22 16:46 - 01094144 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-08-19 10:59 - 2014-08-19 11:00 - 00000000 ____D () C:\ProgramData\ttopbuoyeor
2014-08-18 16:23 - 2014-08-18 16:23 - 00282897 _____ () C:\Users\Owner\Downloads\High Efficiency Mob Spawner.zip
2014-08-15 20:18 - 2014-06-26 23:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 20:18 - 2014-06-26 23:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 20:18 - 2014-06-26 23:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 20:18 - 2014-06-06 05:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 19:56 - 2014-07-24 19:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 19:56 - 2014-07-24 18:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 19:56 - 2014-07-24 18:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 19:56 - 2014-07-24 18:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 19:56 - 2014-07-24 18:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 19:56 - 2014-07-24 18:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 19:56 - 2014-07-24 18:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 19:56 - 2014-07-24 18:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 19:56 - 2014-07-24 18:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 19:56 - 2014-07-24 18:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 19:56 - 2014-07-24 18:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 19:56 - 2014-07-24 18:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 19:56 - 2014-07-24 18:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 19:56 - 2014-07-24 18:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 19:56 - 2014-07-24 18:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 19:56 - 2014-07-24 18:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 19:56 - 2014-07-24 18:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 19:56 - 2014-07-24 18:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 19:56 - 2014-07-24 18:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 19:56 - 2014-07-24 18:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 19:56 - 2014-07-24 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 19:51 - 2014-06-02 11:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 19:51 - 2014-06-02 11:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 19:51 - 2014-06-02 11:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 19:51 - 2014-06-02 11:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 19:51 - 2014-06-02 09:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 19:47 - 2014-07-08 01:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 19:47 - 2014-06-14 01:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 19:47 - 2014-06-14 01:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 19:42 - 2014-07-25 05:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 19:42 - 2014-07-25 03:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-07 19:55 - 2014-08-07 19:55 - 00000000 ____D () C:\Program Files\surfkeepit
2014-08-07 19:23 - 2014-08-07 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-05 13:54 - 2014-08-19 11:00 - 00000000 ____D () C:\ProgramData\aab3e75e42e1ebaa
2014-08-05 13:54 - 2014-08-08 11:48 - 00000000 ____D () C:\ProgramData\surfkeepit
2014-08-05 13:34 - 2014-08-05 13:34 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-07-31 20:21 - 2014-07-31 20:21 - 04327535 _____ () C:\Users\Owner\Downloads\SC16-64 v26 - Place this in your 'resourcepacks' folder, WITHOUT extracting.zip
2014-07-30 19:59 - 2014-07-30 19:59 - 00000042 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 16:47 - 2014-08-22 16:47 - 00022235 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-22 16:47 - 2014-08-22 16:46 - 00000000 ____D () C:\FRST
2014-08-22 16:46 - 2014-08-22 16:46 - 01094144 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-08-22 16:46 - 2014-08-22 16:45 - 01094144 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-08-22 16:45 - 2014-04-22 15:13 - 00000000 ____D () C:\Users\Owner\Desktop\Games
2014-08-22 16:42 - 2013-02-14 18:10 - 02061363 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 16:39 - 2013-10-26 13:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-22 16:02 - 2013-02-20 15:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 16:02 - 2013-02-20 15:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 15:59 - 2014-07-12 17:59 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-08-22 15:00 - 2014-06-20 20:54 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 14:53 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 14:53 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 13:09 - 2013-10-26 13:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-08-22 12:53 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 12:53 - 2006-11-02 13:47 - 00334496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 20:49 - 2008-05-16 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-21 20:49 - 2006-11-02 14:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 20:48 - 2013-10-28 23:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-08-21 12:35 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 22:30 - 2006-11-02 11:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 11:00 - 2014-08-19 10:59 - 00000000 ____D () C:\ProgramData\ttopbuoyeor
2014-08-19 11:00 - 2014-08-05 13:54 - 00000000 ____D () C:\ProgramData\aab3e75e42e1ebaa
2014-08-18 16:23 - 2014-08-18 16:23 - 00282897 _____ () C:\Users\Owner\Downloads\High Efficiency Mob Spawner.zip
2014-08-16 11:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-08-15 20:22 - 2014-01-27 23:50 - 00133120 _____ () C:\Windows\PFRO.log
2014-08-15 20:20 - 2013-02-14 18:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-08 11:48 - 2014-08-05 13:54 - 00000000 ____D () C:\ProgramData\surfkeepit
2014-08-07 19:55 - 2014-08-07 19:55 - 00000000 ____D () C:\Program Files\surfkeepit
2014-08-07 19:25 - 2014-06-20 20:54 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 19:25 - 2014-06-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 19:25 - 2014-06-20 20:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-07 19:24 - 2014-08-07 19:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-05 13:34 - 2014-08-05 13:34 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-08-05 13:34 - 2014-07-12 18:15 - 00000000 ____D () C:\ProgramData\2308189059
2014-08-05 09:20 - 2013-10-08 16:58 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 20:21 - 2014-07-31 20:21 - 04327535 _____ () C:\Users\Owner\Downloads\SC16-64 v26 - Place this in your 'resourcepacks' folder, WITHOUT extracting.zip
2014-07-30 19:59 - 2014-07-30 19:59 - 00000042 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-07-25 11:04 - 2014-02-22 22:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 05:26 - 2014-08-15 19:42 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 03:53 - 2014-08-15 19:42 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 19:07 - 2014-08-15 19:56 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 19:01 - 2014-02-22 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:58 - 2014-08-15 19:56 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 18:57 - 2014-08-15 19:56 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 18:52 - 2014-08-15 19:56 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 18:51 - 2014-08-15 19:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 18:51 - 2014-08-15 19:56 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 18:50 - 2014-08-15 19:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 18:50 - 2014-08-15 19:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 18:49 - 2014-08-15 19:56 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 18:49 - 2014-08-15 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 18:49 - 2014-08-15 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 18:49 - 2014-08-15 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 18:49 - 2014-08-15 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 18:48 - 2014-08-15 19:56 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 18:48 - 2014-08-15 19:56 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 18:48 - 2014-08-15 19:56 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 18:48 - 2014-08-15 19:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 18:48 - 2014-08-15 19:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 18:48 - 2014-08-15 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 18:48 - 2014-08-15 19:56 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 18:47 - 2014-08-15 19:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\bdfilters.dll
C:\Users\Owner\AppData\Local\Temp\jtndlbmh.dll
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\sbknmk_8.dll
C:\Users\Owner\AppData\Local\Temp\_is68F0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-22 12:59
 
==================== End Of Log ============================

Addition.txt


Here is RogueKiller. I wasn't able to run MBAM as I said, so that's all.

 

RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 08/22/2014  17:02:26
 
¤¤¤ Bad processes : 3 ¤¤¤
[suspicious.Path] rundll32.exe -- c:\progra~2\browse~3\browse~1.dll[-] -> UNLOADED
[suspicious.Path] rundll32.exe -- c:\progra~2\browse~3\BrowserSystemEnahncerSvc.dll[-] -> UNLOADED
[suspicious.Path] (SVC) WindowsMangerProtect -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service[-] -> STOPPED
 
¤¤¤ Registry Entries : 19 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Skytel : Skytel.exe  -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsMangerProtect -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65414C2C-7BF2-4D78-A276-A189BC82BBED} | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{839902BA-D935-4ED6-B980-A0E868427C8B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{65414C2C-7BF2-4D78-A276-A189BC82BBED} | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{839902BA-D935-4ED6-B980-A0E868427C8B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{65414C2C-7BF2-4D78-A276-A189BC82BBED} | DhcpNameServer : 89.101.160.5 89.101.160.4  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{839902BA-D935-4ED6-B980-A0E868427C8B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-21-1483241160-1375744405-2248477392-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank  -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] Rocket Updater.job -- C:\Users\Owner\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\Rocket Updater -- C:\Users\Owner\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 115 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7504152c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x7504c80a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x7503dd2c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - AutoTrace : C:\Windows\system32\DUser.dll @ 0x75047041
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - BeginTransition : C:\Windows\system32\DUser.dll @ 0x7504c9a7
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x75041135
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x75047131
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x7504118c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - CreateAction : C:\Windows\system32\DUser.dll @ 0x75037339
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - CreateGadget : C:\Windows\system32\DUser.dll @ 0x75035197
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - CreateTransition : C:\Windows\system32\DUser.dll @ 0x7504c83a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x7504b7e8
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x7504c776
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x7504c7b9
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x7504b81e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x7504b9c1
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x7504c6e7
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x75040020
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x75040096
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x750478fd
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x7504c7c9
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x75047908
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x75047913
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x7504791e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x7504c735
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x7503630f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x7504b639
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x7503a5b1
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x75039f93
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x7503b046
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x75033258
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x7504b5b0
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x750484e4
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x75033ef8
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x7503657d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DllMain : C:\Windows\system32\DUser.dll @ 0x750376f9
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x7504c646
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - EndTransition : C:\Windows\system32\DUser.dll @ 0x7504ca90
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x7504c30f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x75036da8
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x7504c19d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - FindStdColor : C:\Windows\system32\DUser.dll @ 0x7503dc66
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x7504c06b
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x75041cb5
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7504cb05
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetDebug : C:\Windows\system32\DUser.dll @ 0x7504705d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadget : C:\Windows\system32\DUser.dll @ 0x7504c527
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x75037083
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x75042d45
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7504be6f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7503ce28
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x7504c5ba
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75037135
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x75032d8e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x7503540a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7504bfbb
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7504bd35
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x7504bbe9
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x7504c3ca
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x7504232c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x7503c94f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x7503f459
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x7504b6c3
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x7504cbea
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x75032c3b
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x7504ce45
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x7503faf7
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x7504cd46
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x7504ccd2
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x7504cc5e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x7504b82e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x7504c933
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7504b8be
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - InitGadgets : C:\Windows\system32\DUser.dll @ 0x7503e373
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x75033de5
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x7504ba7f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x7504b56c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x7504121d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x7504cdbc
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x75043861
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x7504b710
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x7504b75e
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - PlayTransition : C:\Windows\system32\DUser.dll @ 0x7504c8b0
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - PrintTransition : C:\Windows\system32\DUser.dll @ 0x7504ca1c
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x75037ba3
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7504c149
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75037d5d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7504c21a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75040dee
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7504cb82
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x75042c09
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7504bf0a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x7504bb47
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x75042149
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7503cebb
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x75043188
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x75035a70
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x7504c45d
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x750355f8
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x75041284
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x75035305
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7503e857
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7504bdc9
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x7504bc84
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x75034c48
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7504b93f
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x7504c171
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7504c149
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7504c2e3
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x7504b83a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x7504b84a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x7504b85a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x7504b86a
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x7504cd78
[EAT:Addr] (explorer.exe) MMDevAPI.DLL - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x7504b7ac
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-00A23T0 +++++
--- User ---
[MBR] c00abe28680045995367f76fd6e0a9cb
[bSP] 6e6bc5a7577d2aaa56fd66d9b95abdb3 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10481 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21467136 | Size: 227992 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Ricoh SD/MMC Disk Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Ricoh Memory Stick Disk Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Last thing: can I uninstall these programs after this?

Yes, when we're done

=================================================

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ------------------------------------

    Please uninstall these programs: (adware)

    Browser System Enahncer

    MyPC Backup

    WindowsMangerProtect20.0.0.502

    --------------------

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ---------------------

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Do a clean re-install of Malwarebytes:

    https://forums.malwarebytes.org/index.php?/topic/146017-mbam-clean-removal-process-2x/ <---clean re-install

    If you're using Malwarebytes 2.0, please run a Threat Scan

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC

     


Here's the fix log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-08-2014
Ran by Owner at 2014-08-22 17:39:24 Run:1
Running from C:\Users\Owner\Desktop\New Folder
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Registry Helper] => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
C:\Program Files\Registry Helper
AppInit_DLLs:  c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\progra~1\movies~1\datamngr\mgrldr.dll File Not Found
AppInit_DLLs:  c:\progra~2\browse~3\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-05] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {05CBB9DB-A55A-4A7D-8D12-8068E012F708} URL = http://rocket-find.c...=1835438364&ir=
BHO: ttopbuoyeor -> {661A3611-1A61-89C6-AB8D-9E25DEDD2F03} -> C:\ProgramData\ttopbuoyeor\QIP.dll ()
C:\ProgramData\ttopbuoyeor
BHO: Rich Media View -> {fa87609f-75d5-4630-907c-81680d0f0c20} -> C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ie\RichMediaViewV1release1520.dll No File
C:\Program Files\RichMediaViewV1
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ff [2014-05-15]
CHR HKLM\...\Chrome\Extension: [befemjbgfaebncdgcmdliiildoibpehj] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ch\RichMediaViewV1release1520.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [clgoeeicknhpggacngcfnjmadjjdlagk] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1614\ch\MediaViewerV1alpha1614.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [djknjkehhghmknkjfoimpiojnfbiojik] - C:\Program Files\MediaViewV1\MediaViewV1alpha258\ch\MediaViewV1alpha258.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [ejmgneaabhkhighadeedpldmbpomacmc] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6355\ch\MediaBuzzV1mode6355.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [fioihcgnlehhnjhngcgepgaheiimlfcl] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta938\ch\VideoPlayerV3beta938.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [gepmeanipmghceblfenndojkpnbeajgj] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha7181\ch\WebexpEnhancedV1alpha7181.crx [2013-10-03]
CHR HKLM\...\Chrome\Extension: [jpkafboaapoekmgncoomafekeanfcngc] - C:\Program Files\MediaViewV1\MediaViewV1alpha1130\ch\MediaViewV1alpha1130.crx [2013-10-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [186192 2014-08-05] () [File not signed]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [689032 2014-07-12] (Cherished Technololgy LIMITED) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-12] (Fuyu LIMITED) [File not signed]
S2 Util GreyGray; "C:\Program Files\GreyGray\bin\utilGreyGray.exe" [X]
C:\Program Files\GreyGray
R1 {f551efce-3692-4ed5-8201-c1c7dbef1744}t; C:\Windows\System32\drivers\{f551efce-3692-4ed5-8201-c1c7dbef1744}t.sys [55224 
C:\Windows\System32\drivers\{f551efce-3692-4ed5-8201-c1c7dbef1744}t.sys
C:\ProgramData\ttopbuoyeor
C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe
C:\ProgramData\aab3e75e42e1ebaa
C:\ProgramData\surfkeepit
C:\ProgramData\Browser System Enahncer
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Owner\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Registry Helper => value deleted successfully.
"C:\Program Files\Registry Helper" => File/Directory not found.
" c:\progra~1\movies~1\datamngr\mgrldr.dll" => Value Data removed successfully.
" c:\progra~2\browse~3\browse~1.dll" => Value Data not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05CBB9DB-A55A-4A7D-8D12-8068E012F708}" => Key deleted successfully.
"HKCR\CLSID\{05CBB9DB-A55A-4A7D-8D12-8068E012F708}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{661A3611-1A61-89C6-AB8D-9E25DEDD2F03}" => Key deleted successfully.
"HKCR\CLSID\{661A3611-1A61-89C6-AB8D-9E25DEDD2F03}" => Key deleted successfully.
C:\ProgramData\ttopbuoyeor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa87609f-75d5-4630-907c-81680d0f0c20}" => Key deleted successfully.
"HKCR\CLSID\{fa87609f-75d5-4630-907c-81680d0f0c20}" => Key deleted successfully.
C:\Program Files\RichMediaViewV1 => Moved successfully.
C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ff => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\befemjbgfaebncdgcmdliiildoibpehj" => Key deleted successfully.
"C:\Program Files\RichMediaViewV1\RichMediaViewV1release1520\ch\RichMediaViewV1release1520.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\clgoeeicknhpggacngcfnjmadjjdlagk" => Key deleted successfully.
"C:\Program Files\MediaViewerV1\MediaViewerV1alpha1614\ch\MediaViewerV1alpha1614.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\djknjkehhghmknkjfoimpiojnfbiojik" => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha258\ch\MediaViewV1alpha258.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ejmgneaabhkhighadeedpldmbpomacmc" => Key deleted successfully.
"C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6355\ch\MediaBuzzV1mode6355.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fioihcgnlehhnjhngcgepgaheiimlfcl" => Key deleted successfully.
"C:\Program Files\VideoPlayerV3\VideoPlayerV3beta938\ch\VideoPlayerV3beta938.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gepmeanipmghceblfenndojkpnbeajgj" => Key deleted successfully.
"C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha7181\ch\WebexpEnhancedV1alpha7181.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jpkafboaapoekmgncoomafekeanfcngc" => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1130\ch\MediaViewV1alpha1130.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
671c50b0 => Service not found.
IePluginServices => Service deleted successfully.
WindowsMangerProtect => Service not found.
Util GreyGray => Service deleted successfully.
"C:\Program Files\GreyGray" => File/Directory not found.
{f551efce-3692-4ed5-8201-c1c7dbef1744}t => Unable to stop service
{f551efce-3692-4ed5-8201-c1c7dbef1744}t => Service deleted successfully.
C:\Windows\System32\drivers\{f551efce-3692-4ed5-8201-c1c7dbef1744}t.sys => Moved successfully.
"C:\ProgramData\ttopbuoyeor" => File/Directory not found.
C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe => Moved successfully.
C:\ProgramData\aab3e75e42e1ebaa => Moved successfully.
C:\ProgramData\surfkeepit => Moved successfully.
"C:\ProgramData\Browser System Enahncer" => File/Directory not found.
C:\Windows\Tasks\Rocket Updater.job => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

AdwCleaner log# AdwCleaner v3.308 - Report created 22/08/2014 at 17:57:46

# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Owner - MARYROSE
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2308189059
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NetCrawl
Folder Deleted : C:\Users\Owner\AppData\Local\genienext
Folder Deleted : C:\Users\Owner\AppData\Local\ilividmoviestoolbarha
Folder Deleted : C:\Users\Owner\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Owner\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\NetCrawl
Folder Deleted : C:\Users\Owner\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ilividmoviestoolbarha
Folder Deleted : C:\Users\Owner\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Owner\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Owner\Documents\Mobogenie
Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
File Deleted : C:\Windows\system32\RegistryHelperLM.ocx
File Deleted : C:\Users\Owner\daemonprocess.txt
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\suRfkeuepit.suRfkeuepit
Key Deleted : HKLM\SOFTWARE\Classes\suRfkeuepit.suRfkeuepit.8.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8786613E-3DD5-5470-F185-CFCB9270C979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8786613E-3DD5-5470-F185-CFCB9270C979}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\Registry Helper
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\wincert\win32c~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16563
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [startup_urls] : hxxp://rocket-find.com/?f=7&a=rckt_ir_14_28_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0EtA0D0E0BzztAyB0C0C0BtD0FtN0D0Tzu0SzytByEtN1L2XzutBtFtBtCtFtCyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtDtDyBzzyEtDyCtGtAzz0E0AtG0B0C0A0CtGyE0C0AtDtGtAtBzyyDtC0Azy0DtA0FtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0A0D0EyDtD0EtG0C0D0EzytGyCyDtDyEtGzz0FzztDtGtC0F0AyE0A0C0ByEtBtC0DtD2Q&cr=1835438364&ir=
Deleted [startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1405184145&from=cor&uid=WDCXWD2500BEVT-00A23T0_WD-WXD1E91KSZX4KSZX4
Deleted [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
 
*************************
 
AdwCleaner[R0].txt - [8189 octets] - [22/08/2014 17:53:31]
AdwCleaner[s0].txt - [8253 octets] - [22/08/2014 17:57:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8313 octets] ##########
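The two reports above (the FRST Fixlog and the AdwCleaner report) are what a helper reads to decide whether a machine is actually clean, and the interesting entries are easy to miss in a few hundred lines: which persistence mechanism each removed item belonged to (IFEO debugger keys, AppCertDlls and AppInit_DLLs injection, BHOs, search-scope hijacks, force-installed Chrome extensions, a driver service that could not be stopped) and which actions did not succeed. The following Python is an added example, not part of this thread and not code from FRST or AdwCleaner: it parses lines in the two formats shown above and sorts them by mechanism and outcome. The line shapes it assumes ("<target> => <result>." for FRST, "<Kind> Deleted : <target>" for AdwCleaner) and the sample lines are taken from the reports on this page; the mechanism labels and substring rules are this example's own assumptions, not anything the tools emit.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the shapes the FRST Fixlog and AdwCleaner reports use.
# They are a small subset modelled on the reports in this thread, not a full log.
SAMPLE_FIXLOG = r'''
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{661A3611-1A61-89C6-AB8D-9E25DEDD2F03}" => Key deleted successfully.
"HKCR\CLSID\{05CBB9DB-A55A-4A7D-8D12-8068E012F708}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\befemjbgfaebncdgcmdliiildoibpehj" => Key deleted successfully.
{f551efce-3692-4ed5-8201-c1c7dbef1744}t => Unable to stop service
{f551efce-3692-4ed5-8201-c1c7dbef1744}t => Service deleted successfully.
C:\Windows\System32\drivers\{f551efce-3692-4ed5-8201-c1c7dbef1744}t.sys => Moved successfully.
C:\Windows\Tasks\Rocket Updater.job => Moved successfully.
'''

SAMPLE_ADWCLEANER = r'''
[#] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\IePluginServices
Task Deleted : Rocket Updater
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\wincert\win32c~1.dll
Deleted [startup_urls] : hxxp://www.sweet-page.com/?type=hp
'''

# FRST: optional quotes around the target, then " => <result>" with a trailing period.
FRST_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<result>.+?)\.?\s*$')
# AdwCleaner: "[#] Folder Deleted : <path>", "Key Deleted : <key>", "Task Deleted : <name>" ...
ADW_RE = re.compile(r'^(?:\[#\]\s*)?(?P<kind>\w+)\s+Deleted\s*:\s*(?P<target>.+?)\s*$')
# ... and the browser-preferences form "Deleted [startup_urls] : <url>".
ADW_PREF_RE = re.compile(r'^Deleted\s+\[(?P<kind>[^\]]+)\]\s*:\s*(?P<target>.+?)\s*$')

# Lower-cased substrings that identify the persistence or hijack mechanism an item
# belonged to, checked in order. Labels are this example's own, not the tools'.
MECHANISMS = [
    ("image file execution options", "IFEO debugger hijack"),
    ("appcertdlls", "AppCertDlls injection"),
    ("appinit_dlls", "AppInit_DLLs injection"),
    ("browser helper objects", "IE browser helper object"),
    ("searchscopes", "IE search hijack"),
    ("default_search_url", "IE search hijack"),
    ("search page", "IE search hijack"),
    ("\\chrome\\extensions\\", "Chrome extension"),
    ("\\policies\\google", "Chrome policy"),
    ("\\grouppolicy\\", "Local group policy"),
    ("\\drivers\\", "kernel driver"),
    ("\\tasks\\", "scheduled task"),
    ("startup_urls", "browser start page"),
]


@dataclass
class Action:
    tool: str
    target: str
    result: str
    mechanism: str
    status: str  # "ok", "not_found" or "failed"


def status_of(result: str) -> str:
    """Map an FRST result phrase to ok / not_found / failed."""
    r = result.lower()
    if "not found" in r:
        return "not_found"
    if r.startswith("unable") or "failed" in r or "could not" in r:
        return "failed"
    return "ok"


def classify(target: str, result: str, kind: str = "") -> str:
    """Name the mechanism an item belonged to from its path/key, result text or AdwCleaner kind."""
    t, r, k = target.lower(), result.lower(), kind.lower()
    if k == "task":
        return "scheduled task"
    if k == "startup_urls":
        return "browser start page"
    if "service" in r:
        return "service"
    for needle, label in MECHANISMS:
        if needle in t:
            return label
    return "other file/registry"


def parse(text: str) -> list:
    """Turn report lines in either format into Action records; unknown lines are skipped."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADW_PREF_RE.match(line) or ADW_RE.match(line)
        if m:
            kind, target = m.group("kind"), m.group("target")
            result = f"{kind} deleted"
            actions.append(Action("AdwCleaner", target, result, classify(target, result, kind), "ok"))
            continue
        m = FRST_RE.match(line)
        if m:
            target, result = m.group("target"), m.group("result")
            actions.append(Action("FRST", target, result, classify(target, result), status_of(result)))
    return actions


def triage(*logs: str) -> dict:
    """Count removed items per mechanism and collect the actions that did not succeed."""
    actions = [a for log in logs for a in parse(log)]
    return {
        "total": len(actions),
        "by_mechanism": Counter(a.mechanism for a in actions),
        "failed": [a for a in actions if a.status == "failed"],
        "not_found": [a for a in actions if a.status == "not_found"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG, SAMPLE_ADWCLEANER)
    for mechanism, n in report["by_mechanism"].most_common():
        print(f"{n:3d}  {mechanism}")
    for a in report["failed"]:
        print(f"FAILED  [{a.tool}] {a.target} => {a.result}")
```

Run it over a real Fixlog.txt and AdwCleaner[s0].txt by reading the files and passing their contents to `triage()`. The "failed" list is the part to read first: in the Fixlog above, the driver service `{f551efce-...}t` reported "Unable to stop service" before its deletion and the file move, which is exactly the kind of entry that explains why the tool asked for a reboot and is worth re-checking on the next scan.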

Junkware Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by Owner on 22/08/2014 at 18:09:23.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "\big fish games"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/08/2014 at 18:11:35.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

log


Good.....if there are no other problems:

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

here is the info 

 

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java SE Development Kit 7 Update 45 
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 15 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


=================================

Go to your Programs and Features and uninstall these and all the other Java listed:
Java 7 Update 45
Java SE Development Kit 7 Update 45


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 67) from Here. Uncheck the box to install the Ask toolbar, McAfee Security Scan Plus or any other free "stuff"!!!

================================


Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

=================================


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.