Removal help - Multiple toolbars malware spyware on laptop - vista


This topic is locked
27 replies to this topic

#1 sexymonkey

Posted 07 March 2013 - 04:51 PM

Hello!

I've returned - again - a friend has asked me to look at their laptop as it's slow and needs a clean up.......and the rest!

1. Firstly, switched on, slowly - ran CCleaner - cleared up 9000+ internet temp files, 2000+ cookies.......almost 10GB of space total cleared! Also CC registry clean.

2. Ran a quick Malwarebytes scan - found 140+ infections - removed them.

Then ran a full scan - found a few more - removed them too.

SHOCKED!

3. Did Windows Update - essential updates - OK. Windows Defender updated too.

4. Also updated Free Avira Antivirus - although not yet installed the absolute current version (2013).

5. Disabled everything possible (as far as I'm comfortable with) in Startup (msconfig) and in IE startup and context menu etc.

6. Installed Revo Uninstaller to try to get rid of a few things - had second thoughts due to various things unknown to me (I am very anti-toolbar, hence my hesitation to try to uninstall and cause more problems) - some of the installed items are as follows:

BING toolbar
Google toolbar
Televisionfanatic toolbar
IB updater
Wajam
Bonjour
Games_Bar_1.Toolbar
Browser Choice
Move Networks Media Player for IE

Avira alerted on a Shopping Sidekick plugin; also a TR/trash (?) detection keeps popping up in Avira Guard.

Also something about a Mindspark toolbar stopped working ('error message'), although it didn't happen on the current log in.

Probably other things too (I'm unfamiliar with Apple-related products) - she uses iPhone/iTunes etc. and Sony Ericsson phones I believe.

Just finishing another Malwarebytes full scan, then will do the DDS log as requested.

Thank you in advance for your advice and help :)

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464
Run by Kel at 21:42:37 on 2013-03-07
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1917.980 [GMT 0:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm016^S03609^gb&ptb=78D2C1E2-5F80-4531-99BE-D66ED590AC85&si=CMyHuMa5n7MCFSbMtAodqk0Azw
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
uSearch Page = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
uURLSearchHooks: {0696f815-a3a9-490a-bb14-9ec3350b1276} - <orphaned>
mURLSearchHooks: Games Bar 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGame.dll
TB: Games Bar 1 Toolbar: {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - c:\program files\games_bar_1\tbGame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Games Bar 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGame.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E7AB3C38-31A3-4B74-AE98-11CF07F2A7CC} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-10 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-23 21504]
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-20 188760]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-10-9 90112]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-10-5 109064]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-24 342016]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2012-10-26 42504]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-10-9 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-10-9 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-10-9 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-10-9 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-10-9 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-10-9 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-10-9 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-07 00:37:13    --------    d-----w-    c:\program files\CCleaner
2013-03-06 22:20:25    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-06 21:58:02    --------    d-----w-    c:\windows\pss
2013-03-06 21:19:30    768000    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-06 21:12:36    2048512    ----a-w-    c:\windows\system32\win32k.sys
2013-03-06 21:10:37    1314816    ----a-w-    c:\windows\system32\quartz.dll
2013-03-06 21:10:34    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-03-06 21:10:29    3602808    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-06 21:10:29    3550072    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-06 00:28:42    --------    d-----w-    c:\program files\Adobe(1)
2013-03-05 23:34:13    --------    d-----w-    c:\users\kel\appdata\local\Windows Live
2013-03-05 22:51:15    --------    d-----w-    c:\users\kel\appdata\roaming\SUPERAntiSpyware.com
2013-03-05 22:50:36    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-05 22:50:35    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-05 21:33:03    --------    d-----w-    c:\users\kel\appdata\roaming\Malwarebytes
2013-03-05 21:32:45    --------    d-----w-    c:\programdata\Malwarebytes
2013-03-05 21:32:42    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-05 21:26:20    --------    d-----w-    c:\program files\VS Revo Group
2013-03-05 20:45:49    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{6a378a8d-6539-41bd-b050-9beb4e185b11}\offreg.dll
2013-03-05 20:32:08    6954968    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{6a378a8d-6539-41bd-b050-9beb4e185b11}\mpengine.dll
.
==================== Find3M  ====================
.
2013-01-20 19:19:30    70304    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 19:19:30    418464    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-17 01:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-08 22:11:21    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 10:50:29    293376    ----a-w-    c:\windows\system32\atmfd.dll
.
============= FINISH: 21:43:33.45 ===============

Attached File: Attach.txt (7.86KB)

sexymonkey
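The DDS "Pseudo HJT Report" section above is what a helper reads by hand to spot browser hijacking: toolbars registered twice under differently-cased CLSIDs, toolbar entries with no DLL behind them, orphaned URL search hooks, and start/search pages all pointing at the same third-party host. The script below is an added example (not part of the original post, and not code from the DDS tool) that parses those lines and pulls the same indicators out automatically. The sample log is a constructed excerpt of the lines in the post with the long query strings trimmed, and the `KNOWN_GOOD_HOSTS` allowlist is an assumption made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines in the shape of the DDS "Pseudo HJT Report" section
# posted above, with the long query strings trimmed. Not a complete log.
SAMPLE_LOG = r"""
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm016^S03609^gb
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickOB&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=QuickOB&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickOB&searchtype=ds&q={searchTerms}
uURLSearchHooks: {0696f815-a3a9-490a-bb14-9ec3350b1276} - <orphaned>
mURLSearchHooks: Games Bar 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGame.dll
TB: Games Bar 1 Toolbar: {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - c:\program files\games_bar_1\tbGame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Games Bar 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGame.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TCP: NameServer = 192.168.1.1
"""

# Hosts a stock IE install might legitimately point these keys at. This is an
# assumed allowlist for the example; real triage would use a maintained list.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com", "www.msn.com"}

CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
TOOLBAR_RE = re.compile(r"^TB: (?P<name>.+?): \{(?P<clsid>[^}]+)\} -\s*(?P<path>.*)$")
SEARCH_RE = re.compile(
    r"^([um])(Start Page|Search Bar|Search Page|SearchAssistant|Default_Search_URL)\s*=\s*(.*)$")
# DDS writes URLs defanged as hxxp://; accept both spellings.
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/\s?]+)")


def parse_hjt(text):
    """Turn Pseudo HJT lines into toolbar, search-hook and search-setting records."""
    toolbars, hooks, search = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = TOOLBAR_RE.match(line)
        if m:
            # (toolbar name, CLSID normalised to upper case, DLL path or "")
            toolbars.append((m["name"], m["clsid"].upper(), m["path"]))
            continue
        if "URLSearchHooks:" in line:
            c = CLSID_RE.search(line)
            if c:
                # (scope 'u' = HKCU / 'm' = HKLM, CLSID, target DLL or "<orphaned>")
                target = line.rsplit(" - ", 1)[-1] if " - " in line else ""
                hooks.append((line[0], c.group(1).upper(), target))
            continue
        m = SEARCH_RE.match(line)
        if m:
            h = HOST_RE.match(m.group(3))
            host = h.group(1).lower() if h else m.group(3)
            search.append((m.group(1), m.group(2), host))
    return {"toolbars": toolbars, "hooks": hooks, "search": search}


def triage(text):
    """Flag the browser-hijack indicators a helper reads out of the log by hand."""
    rec = parse_hjt(text)
    counts = Counter(clsid for _, clsid, _ in rec["toolbars"])
    # Same CLSID listed more than once (often differing only in letter case):
    # the toolbar is registered in several places and all of them need cleaning.
    duplicates = sorted(c for c, n in counts.items() if n > 1)
    # Toolbar registration with no DLL behind it: leftover from a broken uninstall.
    missing_dll = sorted({name for name, _, path in rec["toolbars"] if not path})
    # Search hooks whose target is gone still sit in the registry as <orphaned>.
    orphaned = sorted(c for _, c, t in rec["hooks"] if t.lower().startswith("<orphaned>"))
    # A hook whose CLSID is also a toolbar names the toolbar owning the redirection.
    hook_clsids = {c for _, c, _ in rec["hooks"]}
    hooked_toolbars = sorted({name for name, c, _ in rec["toolbars"] if c in hook_clsids})
    # Start page / search keys pointing outside the allowlist, grouped by host.
    by_host = defaultdict(set)
    for _, key, host in rec["search"]:
        if host not in KNOWN_GOOD_HOSTS:
            by_host[host].add(key)
    redirected = {h: sorted(k) for h, k in by_host.items()}
    return {"duplicate_clsids": duplicates, "missing_dll": missing_dll,
            "orphaned_hooks": orphaned, "hooked_toolbars": hooked_toolbars,
            "redirected_search": redirected}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a pasted Pseudo HJT section and the output groups the Games Bar entries (toolbar plus HKLM search hook), the two Google Toolbar registrations that differ only in CLSID case, the Bing Bar entry with no DLL, the orphaned HKCU hook, and the snap.do / mywebsearch redirections, so the related items can be reviewed together before anything is removed.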



#2 fireman4it (Malware Response Team)

Posted 07 March 2013 - 05:42 PM

Hello Victim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click and select Run as admin.
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

2.

Download and run Junkware Removal Tool. ***Your Anti-Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next Reply.

 

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

  • AdwCleaner log
  • JRT.txt
  • RogueKiller log
  • How is the machine running now?

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#3 sexymonkey (Topic Starter)

Posted 07 March 2013 - 06:37 PM

Thank you for the prompt reply!

Will do these tasks tomorrow night and post relevant info - thank you :)


sexymonkey


#4 sexymonkey (Topic Starter)

Posted 08 March 2013 - 02:38 PM

Doing the above tasks now - forgot to say that IE opens at the homepage 'mywebsearch' ......will post logs ASAP.

Cheers

Sabs


sexymonkey


#5 sexymonkey (Topic Starter)

Posted 08 March 2013 - 02:58 PM

Am I meant to delete anything after scanning or do you just want the logs? I have them now......

IGNORE - SEE POST BELOW


Edited by sexymonkey, 08 March 2013 - 03:23 PM.

sexymonkey


#6 sexymonkey (Topic Starter)

Posted 08 March 2013 - 03:22 PM

LOGS AS REQUESTED

ADW:

# AdwCleaner v2.114 - Logfile created 03/08/2013 at 19:34:09
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kel - KEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Kel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\user.js
File Found : C:\Windows\system32\ImhxxpComm.dll
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Games_Bar_1
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\Program Files\incredibar.com
Folder Found : C:\Program Files\Wajam
Folder Found : C:\Users\Kel\AppData\Local\Smartbar
Folder Found : C:\Users\Kel\AppData\Local\Wajam
Folder Found : C:\Users\Kel\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kel\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Kel\AppData\LocalLow\Games_Bar_1
Folder Found : C:\Users\Kel\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Kel\AppData\LocalLow\Media Access Startup
Folder Found : C:\Users\Kel\AppData\LocalLow\Smartbar
Folder Found : C:\Users\Kel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Windows\system32\WNLT

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\Games_Bar_1
Key Found : HKCU\Software\AppDataLow\Software\Media Access Startup
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Games_Bar_1 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B945C42-7EE6-4DA7-B467-E417CC119A3A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FocusInteractive
Key Found : HKLM\Software\FunWebProducts
Key Found : HKLM\Software\Games_Bar_1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84D69AA-3E20-4305-984E-18E640D7F7FF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B945C42-7EE6-4DA7-B467-E417CC119A3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Games_Bar_1 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\Software\MyWebSearch
Key Found : HKLM\Software\Wajam
Key Found : HKLM\Software\WNLT
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKU\S-1-5-21-247945308-1252465258-142441894-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm016^S03609^gb&ptb=78D2C1E2-5F80-4531-99BE-D66ED590AC85&si=CMyHuMa5n7MCFSbMtAodqk0Azw
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=a83e8bef-bfc6-4d0f-90fb-93cd6b2769dd&searchtype=ds&q={searchTerms}&installDate=01/01/1970

*************************

AdwCleaner[R1].txt - [14581 octets] - [08/03/2013 19:34:09]
AdwCleaner[S1].txt - [369 octets] - [08/03/2013 19:31:40]

########## EOF - C:\AdwCleaner[R1].txt - [14701 octets] ##########
 

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Kel on 08/03/2013 at 19:37:25.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] televisionfanaticservice
Successfully deleted: [Service] televisionfanaticservice



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{c98d5b61-b0ea-4d48-9839-1079d352d880}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-247945308-1252465258-142441894-1000\software\microsoft\internet explorer\search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\incredibar.com
Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_local_machine\software\mywebsearch
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\mywebsearch
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.BHO
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.BHO.1
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2452474
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Kel\appdata\local\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\media access startup"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Users\Kel\appdata\locallow\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ib updater"
Successfully deleted: [Folder] "C:\Program Files\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Program Files\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Users\Kel\AppData\Roaming\microsoft\windows\start menu\programs\wajam"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2013 at 19:40:22.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

RKreport:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kel [Admin rights]
Mode : Scan -- Date : 03/08/2013 19:54:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kel\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [-] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82037D75 -> HOOKED (Unknown @ 0x8BF966F6)
SSDT[289] : NtSetContextThread @ 0x8209903F -> HOOKED (Unknown @ 0x8BF966FB)
SSDT[334] : NtTerminateProcess @ 0x81FF70D3 -> HOOKED (Unknown @ 0x8BF96697)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8BF96700)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8BF96705)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 ATA Device +++++
--- User ---
[MBR] 83750aad1d3e54e30368b96a0eca930b
[BSP] 55661118607c8f127cb8a89bf6bcc3c2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19458048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22530048 | Size: 141625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03082013_02d1954.txt >>
RKreport[1]_S_03082013_02d1954.txt


 

HOW LAPTOP IS RUNNING:

I am disconnected from internet but opened IE - homepage is now google.com

MS/IE Pop up appeared:

IE Search Provider Default:

A program on your computer has corrupted your default search provider setting for IE.

IE has reset this setting to your original search provider. Bing (bing.com).

IE will now open search settings where you can change this setting or install more search providers.

(I have not done anything with this - just cancelled the action)

Please note I do not want Bing kept on this machine.

I would like ALL possible toolbars, extra search providers (even if 'safe') to be removed (Bing, Google etc).

In IE add-ons still seeing this Games Bar 1 Toolbar and Google Toolbar but other random named stuff has gone from the list.

Just restarted laptop - appears faster :)

In msconfig shows this Televisionfanatic, googletoolbar and stuff there but I had disabled these already before initially posting here.

Also, full shutdown and start - much faster than before as well.

Thanks for your help - look forward to your response.

Sabs
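As an added example (not part of this thread and not AdwCleaner's own code), here is a small parser for the AdwCleaner log format quoted above: it collects the Key/Value/File/Folder findings, pulls the [Internet Browsers] start/search-page entries, re-fangs the hxxp:// URLs and flags any setting whose host is not on an allowlist. The sample log is constructed from entries quoted in this thread; the allowlist of expected hosts is an assumption for the example.

```python
"""Summarise browser-hijack indicators from an AdwCleaner scan log.

Added example for this thread; not AdwCleaner's own code and not from any post.
The sample log is constructed from entries quoted in the thread, and the
allowlist of "expected" start/search hosts is an assumption for the example.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a trimmed copy of the AdwCleaner[R1] log quoted above.
SAMPLE_LOG = r"""
***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\Software\MyWebSearch
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&q={searchTerms}
"""

# Hosts a start page or search provider is allowed to point at (assumed allowlist).
DEFAULT_ALLOWED_HOSTS = frozenset({"www.bing.com", "www.google.com", "go.microsoft.com"})

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>Key|Value|File|Folder) (?P<action>Found|Deleted) : (?P<path>.+)$")
SETTING_RE = re.compile(r"^\[(?P<key>.+?) - (?P<setting>[^\]]+)\] = (?P<url>\S+)$")


def refang(url):
    """Undo the hxxp:// defanging AdwCleaner applies so the URL can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_adwcleaner(text):
    """Return the log's registry/file findings and its browser-setting lines."""
    report = {"findings": [], "browser_settings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m:
            report["findings"].append({"section": section, **m.groupdict()})
            continue
        m = SETTING_RE.match(line)
        if m and section == "Internet Browsers":
            report["browser_settings"].append(m.groupdict())
    return report


def hijacked_settings(report, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Flag every start/search setting whose host is not on the allowlist.

    The publisher= and userid= query parameters, when present, identify the
    affiliate install the hijacker reports back to; they are kept for the report.
    """
    flagged = []
    for entry in report["browser_settings"]:
        parts = urlsplit(refang(entry["url"]))
        host = (parts.hostname or "").lower()
        if host in allowed_hosts:
            continue
        query = parse_qs(parts.query)
        flagged.append({
            "setting": entry["setting"],
            "key": entry["key"],
            "host": host,
            "publisher": query.get("publisher", [None])[0],
            "userid": query.get("userid", [None])[0],
        })
    return flagged


def finding_counts(report):
    """Count findings per (kind, action), e.g. how many keys a delete run would remove."""
    return Counter((f["kind"], f["action"]) for f in report["findings"])


if __name__ == "__main__":
    rep = parse_adwcleaner(SAMPLE_LOG)
    for (kind, action), n in sorted(finding_counts(rep).items()):
        print("%s %s: %d" % (kind, action, n))
    for hit in hijacked_settings(rep):
        print("%-20s -> %s (publisher=%s)" % (hit["setting"], hit["host"], hit["publisher"]))
```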


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:03 AM

Posted 09 March 2013 - 08:25 PM

1.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

2.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.

  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

Things to include in your next reply:

AdwCleaner log

Roguekiller log

OTL.txt

Extra.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 sexymonkey

sexymonkey
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:11:03 AM

Posted 10 March 2013 - 07:11 AM

Hiya,

Logs as requested:

AdwCleaner Log:

# AdwCleaner v2.114 - Logfile created 03/10/2013 at 10:27:36
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kel - KEL-PC
# Boot Mode : Normal
# Running from : D:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Windows\system32\ImhxxpComm.dll
Folder Deleted : C:\Program Files\Games_Bar_1
Folder Deleted : C:\Users\Kel\AppData\LocalLow\Games_Bar_1
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\AppDataLow\Software\Games_Bar_1
Key Deleted : HKCU\Software\AppDataLow\Software\Media Access Startup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Games_Bar_1 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B945C42-7EE6-4DA7-B467-E417CC119A3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\Games_Bar_1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84D69AA-3E20-4305-984E-18E640D7F7FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B945C42-7EE6-4DA7-B467-E417CC119A3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Games_Bar_1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [14771 octets] - [08/03/2013 19:34:09]
AdwCleaner[R2].txt - [8001 octets] - [10/03/2013 10:13:50]
AdwCleaner[S1].txt - [369 octets] - [08/03/2013 19:31:40]
AdwCleaner[S2].txt - [8108 octets] - [10/03/2013 10:27:36]

########## EOF - C:\AdwCleaner[S2].txt - [8168 octets] ##########
 

 

RK Log:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kel [Admin rights]
Mode : Remove -- Date : 03/10/2013 10:57:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kel\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [-] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82068D75 -> HOOKED (Unknown @ 0x885C0EBE)
SSDT[289] : NtSetContextThread @ 0x820CA03F -> HOOKED (Unknown @ 0x885C0EC3)
SSDT[334] : NtTerminateProcess @ 0x820280D3 -> HOOKED (Unknown @ 0x885C0E5F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x885C0EC8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x885C0ECD)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 ATA Device +++++
--- User ---
[MBR] 83750aad1d3e54e30368b96a0eca930b
[BSP] 55661118607c8f127cb8a89bf6bcc3c2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19458048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22530048 | Size: 141625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 69339f6bd30bb68ecd082f32deb01f86
[BSP] 09fb6a8287d8b9fe67c8caeb22042d34 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x69) [VISIBLE] Offset (sectors): 1869771365 | Size: 82367 Mo
1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1701519481 | Size: 913028 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2885681152 | Size: 25 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03102013_02d1057.txt >>
RKreport[1]_S_03102013_02d1054.txt ; RKreport[2]_D_03102013_02d1057.txt



OTL

OTL logfile created on: 10/03/2013 11:03:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 64.38% Memory free
4.00 Gb Paging File | 3.13 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 65.69 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.51% Space Free | Partition Type: FAT32
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.72% Space Free | Partition Type: NTFS
 
Computer Name: KEL-PC | User Name: Kel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/10 10:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kel\Desktop\OTL.exe
PRC - [2013/03/08 19:27:50 | 000,816,640 | ---- | M] () -- D:\RogueKiller.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/07/06 18:06:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/08 19:03:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 20:57:00 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/10 09:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/03/02 20:57:16 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/06 18:06:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/08 19:03:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/07/06 18:06:57 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/06 18:06:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/24 11:43:12 | 000,342,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/08/06 08:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/08 12:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/02 21:06:36 | 002,411,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 07:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/30 15:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin
 
[2013/01/20 19:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7AB3C38-31A3-4B74-AE98-11CF07F2A7CC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell - "" = AutoRun
O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\Shell - "" = AutoRun
O33 - MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\Shell - "" = AutoRun
O33 - MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\Shell - "" = AutoRun
O33 - MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\Shell - "" = AutoRun
O33 - MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/10 10:59:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kel\Desktop\OTL.exe
[2013/03/08 19:50:43 | 000,000,000 | ---D | C] -- C:\Users\Kel\Desktop\RK_Quarantine
[2013/03/08 19:37:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/08 19:36:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/08 19:36:05 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kel\Desktop\JRT.exe
[2013/03/07 21:41:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kel\Desktop\dds.com
[2013/03/07 00:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/07 00:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/06 22:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/06 22:20:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/06 21:58:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/06 00:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(1)
[2013/03/05 23:34:13 | 000,000,000 | ---D | C] -- C:\Users\Kel\AppData\Local\Windows Live
[2013/03/05 22:51:15 | 000,000,000 | ---D | C] -- C:\Users\Kel\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/05 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/05 22:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/05 21:33:03 | 000,000,000 | ---D | C] -- C:\Users\Kel\AppData\Roaming\Malwarebytes
[2013/03/05 21:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/05 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/05 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Kel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/03/05 21:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/09 11:10:32 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeACB.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/10 10:32:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 10:32:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 10:32:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 10:32:04 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 10:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kel\Desktop\OTL.exe
[2013/03/08 20:13:14 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/03/08 19:27:50 | 000,816,640 | ---- | M] () -- C:\Users\Kel\Desktop\RogueKiller.exe
[2013/03/08 19:27:02 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kel\Desktop\JRT.exe
[2013/03/08 19:26:46 | 000,597,667 | ---- | M] () -- C:\Users\Kel\Desktop\adwcleaner.exe
[2013/03/07 21:05:56 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kel\Desktop\dds.com
[2013/03/07 20:26:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 20:26:24 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 00:42:51 | 000,008,714 | ---- | M] () -- C:\Users\Kel\Desktop\cc_20130307_004242.reg
[2013/03/07 00:37:18 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/06 22:20:30 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 21:56:06 | 000,000,680 | ---- | M] () -- C:\Users\Kel\AppData\Local\d3d9caps.dat
[2013/03/06 21:51:26 | 000,295,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/06 21:16:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/06 21:16:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/05 21:26:21 | 000,001,062 | ---- | M] () -- C:\Users\Kel\Desktop\Revo Uninstaller.lnk
[2013/03/05 21:24:05 | 000,023,136 | ---- | M] () -- C:\Users\Kel\Desktop\cc_20130305_212342registrybackup.reg
 
========== Files Created - No Company Name ==========
 
[2013/03/08 19:49:19 | 000,816,640 | ---- | C] () -- C:\Users\Kel\Desktop\RogueKiller.exe
[2013/03/08 19:32:54 | 000,597,667 | ---- | C] () -- C:\Users\Kel\Desktop\adwcleaner.exe
[2013/03/07 00:42:49 | 000,008,714 | ---- | C] () -- C:\Users\Kel\Desktop\cc_20130307_004242.reg
[2013/03/07 00:37:18 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/06 22:20:30 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 21:56:06 | 000,000,680 | ---- | C] () -- C:\Users\Kel\AppData\Local\d3d9caps.dat
[2013/03/05 21:26:21 | 000,001,062 | ---- | C] () -- C:\Users\Kel\Desktop\Revo Uninstaller.lnk
[2013/03/05 21:24:02 | 000,023,136 | ---- | C] () -- C:\Users\Kel\Desktop\cc_20130305_212342registrybackup.reg
[2008/11/27 20:15:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2006/07/13 21:37:40 | 000,000,000 | ---- | C] () -- C:\Users\Kel\AppData\Roaming\wklnhst.dat
[2006/07/13 01:01:45 | 000,067,584 | ---- | C] () -- C:\Users\Kel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/10/09 11:13:56 | 000,000,000 | ---D | M] -- C:\Users\Kel\AppData\Roaming\Sony
[2010/10/09 11:07:06 | 000,000,000 | ---D | M] -- C:\Users\Kel\AppData\Roaming\Sony Setup
 
========== Purity Check ==========
 
 

< End of report >
 

EXTRAS

OTL Extras logfile created on: 10/03/2013 11:03:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 64.38% Memory free
4.00 Gb Paging File | 3.13 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 65.69 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.51% Space Free | Partition Type: FAT32
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.72% Space Free | Partition Type: NTFS
 
Computer Name: KEL-PC | User Name: Kel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C163164-D42B-423F-B42E-3AC5E2CD6A39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92C1559F-0C8E-4BD5-A12A-D78479662534}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD7F60B-BB57-4919-B0FB-6624729A2656}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{22B0B61D-D4A0-46C1-B294-9356FD26AEF5}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2648C7F4-E4B2-4FD4-A450-59E6E62420C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{490FCCE0-7EE0-44FB-9192-F10ABB7CB93B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B23FE0E-925D-426E-B269-A518ABA0C0E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C9BF81A-4681-4697-A3B9-AD6FD173C160}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6758F378-F78A-43E2-8707-A45C7998296F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{7479FA29-5018-4D35-AF30-822B2608B6D5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{75526361-EDE2-4256-B88A-5576C111EF20}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{AF0A93CA-6142-46A3-87F2-FC395A21DB9D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E2B7450D-AC56-45B4-B771-3C0A36AB2F2B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF78ED12-CB7D-4C1E-BBD6-66530B407565}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FE9DDC38-0260-4071-B554-61717CC08BC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{E013ADEC-5AF0-466D-9421-A6379F6ADE29}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{812BC0A9-3075-4E2C-B25B-FD1FA3772388}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B6B69A-EA41-E869-2383-226C1EB7D402}" = Catalyst Control Center Graphics Previews Vista
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34CC3170-D0DF-04EC-C87E-1E44FE0EDFC6}" = Skins
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F012E27-BC6C-43A8-9117-8C1363BCFEBF}" = QuickShare
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44FAA800-02B6-C4F3-EBEB-DA04C4F6A560}" = Catalyst Control Center Graphics Light
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{517BFF0D-A204-0242-1030-48EA107EF9A6}" = ccc-utility
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A9A520C-C195-75A6-A449-80F2E2DFE485}" = ccc-core-static
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{BBD3132B-E52A-EBED-A51C-8DB85281C424}" = CCC Help English
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6055399-C43D-10E2-E8B5-97B19811C4E1}" = Catalyst Control Center Graphics Full New
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{E374AF5D-9B68-1044-85C2-662D5DD8A598}" = Catalyst Control Center Core Implementation
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F592CCFB-B597-3B99-B58B-8ED2E8907F5A}" = Catalyst Control Center Graphics Full Existing
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"3 USB Modem" = 3 USB Modem
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Demand Five Player_is1" = Demand Five Player
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"Flash Player Pro_is1" = Flash Player Pro V5.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Revo Uninstaller" = Revo Uninstaller 1.94
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/03/2013 16:18:26 | Computer Name = Kel-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 08/03/2013 18:26:24 | Computer Name = Kel-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 10/03/2013 06:32:47 | Computer Name = Kel-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2013 06:32:47 | Computer Name = Kel-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2013 06:32:47 | Computer Name = Kel-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2013 06:32:47 | Computer Name = Kel-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/03/2013 06:50:30 | Computer Name = Kel-PC | Source = Application Error | ID = 1000
Description = Faulting application NOTEPAD.EXE, version 6.0.6001.18000, time stamp
 0x47918ea2, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x4f2bf90a,
 exception code 0xc0000005, fault offset 0x749874b2,  process id 0xb00, application
 start time 0x01ce1d7a9128923b.
 
[ System Events ]
Error - 08/03/2013 18:26:24 | Computer Name = Kel-PC | Source = DCOM | ID = 10010
Description =
 
Error - 08/03/2013 18:28:00 | Computer Name = Kel-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08/03/2013 18:28:00 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 08/03/2013 18:28:00 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 08/03/2013 18:28:00 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 08/03/2013 18:28:00 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/03/2013 06:04:17 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10/03/2013 06:10:58 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 10/03/2013 06:11:09 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 10/03/2013 06:33:47 | Computer Name = Kel-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 

 

Thank you.


sexymonkey


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:03 AM

Posted 10 March 2013 - 08:22 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Google Toolbar for Internet Explorer
Bing Bar


Additional instructions can be found if needed.

 

 

2.

We need to run an OTL Fix

  • Please reopen OTL from its icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "quote"

    :Otl
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin
    FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2009/03/17 19:28:15 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\Shell - "" = AutoRun
    O33 - MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\Shell\AutoRun\command - "" = F:\Startme.exe
    O33 - MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\Shell - "" = AutoRun
    O33 - MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

    Things to include in your next reply:

    OTL fix log

    How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 sexymonkey

sexymonkey
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:UK
  • Local time:11:03 AM

Posted 11 March 2013 - 06:43 AM

Hiya,

 

Done the above: log as follows.

 

OTL FIX LOG:

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9\ deleted successfully.
C:\Program Files\Entriq\MediaSphere\3.8.2.9 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com deleted successfully.
File C:\Program Files\TelevisionFanatic\bar\1.bin not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9\ deleted successfully.
File C:\Program Files\Entriq\MediaSphere\3.8.2.9 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144b4fbb-1207-11db-9643-0016447e43b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144b4fbb-1207-11db-9643-0016447e43b7}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144b4fcb-1207-11db-9643-0016447e43b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{144b4fcb-1207-11db-9643-0016447e43b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144b4fcb-1207-11db-9643-0016447e43b7}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57427a2d-d387-11df-a1b4-00030d8a904c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57427a2d-d387-11df-a1b4-00030d8a904c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57427a2d-d387-11df-a1b4-00030d8a904c}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c51a8-cbad-11dd-909e-00030d8a904c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c51a8-cbad-11dd-909e-00030d8a904c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c51a8-cbad-11dd-909e-00030d8a904c}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c51aa-cbad-11dd-909e-00030d8a904c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c51aa-cbad-11dd-909e-00030d8a904c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c51aa-cbad-11dd-909e-00030d8a904c}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2f9c548-08ae-11e1-a671-0016447e43b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2f9c548-08ae-11e1-a671-0016447e43b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2f9c548-08ae-11e1-a671-0016447e43b7}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
 
User: Kel
->Temp folder emptied: 25737147 bytes
->Temporary Internet Files folder emptied: 2937257 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 3844696 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13796489 bytes
RecycleBin emptied: 37824 bytes
 
Total Files Cleaned = 44.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03112013_112825

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

Laptop seems to be running well now :)

 

Opened internet, visited a couple pages to check if redirecting - all fine - homepage Google as set.

 

My Computer icon and 'Kel' icon now on desktop.

 

I know a lot of software requires updating.

 

Await your reply later.

 

Thanks


sexymonkey
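As an added example, not part of this thread and not OTL's own code: a small Python parser for the scan-line prefixes the fix above targets (IE SearchScopes, FF, O3, O16, O33) that also reconciles a fix log like the one just posted, so a helper can see which entries were autorun hooks, orphaned toolbars or downloaded ActiveX, and which files OTL could not find. The sample lines inside it are copied from this thread.

```python
"""Parse OTL scan lines and reconcile them with an OTL fix log.

Added example for this thread, not OTL's own code or the helper's: the line
prefixes (IE/FF/O3/O16/O33) are read as they appear in the fix above, and the
sample lines at the bottom are copied from this thread.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# O33: MountPoints2, Explorer's per-drive AutoRun handlers. A Shell\AutoRun
# \command launching an .exe from a removable drive is the classic USB-worm
# foothold, which is why the fix strips every one of them.
_O33 = re.compile(r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell'
                  r'(?P<sub>\\AutoRun\\command)? - "" = (?P<value>.+)$')
# O3: IE toolbars. "No CLSID value found" = still listed, COM object gone.
_O3 = re.compile(r'^O3 - (?P<hive>HK\w+)\\\.\.\\Toolbar(?:\\WebBrowser)?: '
                 r'\((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$')
# O16: Downloaded Program Files, i.e. ActiveX controls fetched from a URL.
_O16 = re.compile(r'^O16 - DPF: (?P<clsid>\{[^}]+\}) (?P<url>\S+)')
# IE SearchScopes: where address-bar searches go, a favourite hijack target.
_SCOPE = re.compile(r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes'
                    r'\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>\S+)')
# Fix-log outcome lines: "<target> deleted successfully." and friends.
_OUTCOME = re.compile(r'^(?:Registry key |Registry value |File )?(?P<target>.+?)'
                      r'(?: folder)? (?P<outcome>deleted successfully|'
                      r'moved successfully|not found)\.?$')

def classify(line):
    """Map one OTL scan line to a category plus the fields worth reviewing."""
    line = line.strip()
    if m := _O33.match(line):
        if m.group("sub"):
            return {"type": "autorun_command", "mount": m.group("mount"),
                    "command": m.group("value")}
        return {"type": "autorun_shell", "mount": m.group("mount")}
    if m := _O3.match(line):
        orphan = "No CLSID value found" in m.group("rest")
        return {"type": "orphan_toolbar" if orphan else "toolbar",
                "clsid": m.group("clsid"), "name": m.group("name")}
    if m := _O16.match(line):
        return {"type": "downloaded_activex", "clsid": m.group("clsid"),
                "host": urlsplit(m.group("url")).hostname}
    if m := _SCOPE.match(line):
        return {"type": "search_scope", "clsid": m.group("clsid"),
                "host": urlsplit(m.group("url")).hostname}
    if line.startswith("FF - "):  # Firefox plugin/extension registrations
        return {"type": "firefox_addon",
                "path": line.split(": ", 1)[1].split(" [")[0]}
    return None  # empty DefaultScope placeholders and unknown prefixes

def reconcile(fix_log):
    """Count outcomes; list files OTL could not find (already gone, or a
    stale registry pointer, which still needed deleting either way)."""
    counts, missing_files = Counter(), []
    for line in fix_log:
        m = _OUTCOME.match(line.strip())
        if not m:
            continue  # section headers, "value set successfully!", blanks
        counts[m.group("outcome")] += 1
        if m.group("outcome") == "not found" and line.startswith("File "):
            missing_files.append(m.group("target"))
    return {"counts": dict(counts), "missing_files": missing_files}

SCAN_LINES = [  # copied from the fix script posted in this thread
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin',
    r'O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.',
    r'O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)',
    r'O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{144b4fbb-1207-11db-9643-0016447e43b7}\Shell\AutoRun\command - "" = D:\AutoRun.exe',
]
FIX_LINES = [  # copied from the fix log posted in this thread
    r'Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.',
    r'C:\Program Files\Entriq\MediaSphere\3.8.2.9 folder moved successfully.',
    r'File C:\Program Files\TelevisionFanatic\bar\1.bin not found.',
    r'File D:\AutoRun.exe not found.',
    r'C:\Windows\System32\drivers\etc\Hosts moved successfully.',
]
```

Run `classify` over a whole OTL report to get a review list, and `reconcile` over the fix log to confirm every removal either succeeded or hit an entry that was already gone.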


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:03 AM

Posted 11 March 2013 - 02:52 PM

Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

 

 

You can check using this tool for any outdated software. Please go ahead and do the updating then let me know how the machine is running.  If all is well I will give you my final instructions and clean up our mess.




#12 sexymonkey

sexymonkey
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:UK
  • Local time:11:03 AM

Posted 11 March 2013 - 03:07 PM

Will do! Thanks.  Be in touch once updated etc.


sexymonkey


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:03 AM

Posted 13 March 2013 - 05:33 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#14 sexymonkey

sexymonkey
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:UK
  • Local time:11:03 AM

Posted 13 March 2013 - 06:59 PM

Hi,

 

Still here, yes.

 

Sorry, had a busy few days - not been able to do all updates yet - but did Windows load of updates, took ages! 

 

Need to check for other stuff using secunia - hoping to do that/more tomorrow night - so by this time tomorrow or by next night should be good to go - but I'll update - no problem.

 

 

One question:

Wanted to ask is that Television fanatic thing ok to leave on or should I remove?  I see it in add/remove (setup type icon) - I asked my friend what she was up to and she was using it or something similar on the net to watch shows we can't see here free or something - I told her I'll get rid of it and don't do it again!

 

 

Thank you.  Be in touch Thurs or Fri night deffo.

 

Off to bed now. :)


sexymonkey


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:03 AM

Posted 13 March 2013 - 09:03 PM

I would get rid of it.





