Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

flv player pup?


  • Please log in to reply
10 replies to this topic

#1 drbogg

drbogg

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 21 November 2013 - 10:04 AM

Hi i have had a problem with flv player pup have ran malwarebytes antimalware and found some things but still having probs with lap top running windows 7 tried system restore at my wits end now. Also ran super anti spyware nothing found online scanner (housecall) nothing. I am hoping that i can get some help from you good people..

thanks in advance.

 

just run malwarebytes  antimalware scan and this is the log

 

21/11/2013 15:17:17
MBAM-log-2013-11-21 (15-30-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205907
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\CLSID\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\Inbox.JSServer (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\Inbox.Toolbar (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCR\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} (PUP.Optional.Inbox) -> No action taken.
HKCR\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} (PUP.Optional.Inbox) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 (PUP.Optional.Inbox) -> No action taken.
HKCU\Software\Inbox Toolbar (PUP.Optional.InboxToolBar.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Inbox Toolbar (PUP.Optional.Inbox) -> No action taken.

Files Detected: 8
C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.InboxToolBar.A) -> No action taken.
C:\Users\shaz\Downloads\ImagesSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\setupcfg.ini (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\Inbox.ini (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\unins000.exe (PUP.Optional.Inbox) -> No action taken.
C:\Program Files (x86)\Inbox Toolbar\uninstall.ini (PUP.Optional.Inbox) -> No action taken.

(end)
 


Edited by drbogg, 21 November 2013 - 10:34 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:30 AM

Posted 21 November 2013 - 02:51 PM


Your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having Malwarebytes remove the threats. To confirm if everything was removed:
  • Rescan again (Quick Scan) in normal mode.
  • Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning.
  • Make sure that everything detected is checked and then click the Remove Selected button.
  • Then click the Logs tab and copy/paste the contents of the new report in your next reply.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:30 AM

Posted 21 November 2013 - 02:52 PM

After doing the above, continue as follows...


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 drbogg

drbogg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 22 November 2013 - 02:35 AM

Many thanks for the quick response. here's the new mbam log

 

22/11/2013 07:21:04
mbam-log-2013-11-22 (07-21-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205779
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{042DA63B-0933-403D-9395-B49307691690} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\Inbox.JSServer (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\Inbox.Toolbar (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCR\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
HKCU\Software\Inbox Toolbar (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Inbox Toolbar (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
C:\Users\shaz\Downloads\ImagesSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\setupcfg.ini (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.ini (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\unins000.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\uninstall.ini (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

(end)
 



#5 drbogg

drbogg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 22 November 2013 - 03:29 AM

rkill log file:

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/22/2013 07:42:57 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1100) [WD-HEUR]

1 proccess terminated!

Possibly Patched Files.

 * C:\Windows\system32\lsass.exe

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\shaz\Desktop\rkill\rkill-11-22-2013-07-43-08.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * C:\Windows\System32\lsass.exe : 30,720 : 09/25/2013 01:03 AM : 4d71227301dd8d09097b9e4cc6527e5a [NoSig]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe : 31,232 : 07/14/2009 01:39 AM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe : 31,232 : 07/14/2009 01:39 AM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe : 31,232 : 11/17/2011 07:05 AM : 156f6159457d0aa7e59b62681b56eb90 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe : 31,232 : 11/17/2011 07:05 AM : 156f6159457d0aa7e59b62681b56eb90 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe : 31,232 : 07/14/2009 01:39 AM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe : 31,232 : 11/17/2011 06:42 AM : d21bd47e528cd62e79311fb5df0150e6 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe : 31,232 : 06/02/2012 05:30 AM : bf63ce11a25f3509129888710d5111fc [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe : 31,232 : 07/14/2009 01:39 AM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe : 31,232 : 11/17/2011 06:33 AM : c118a82cd78818c29ab228366ebf81c3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe : 31,232 : 11/17/2011 06:33 AM : c118a82cd78818c29ab228366ebf81c3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe : 31,232 : 11/17/2011 06:20 AM : 0a10b74fbb437ff9a23f1d5de4446a83 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe : 31,232 : 06/04/2012 07:51 AM : 79c908caa6f43021eb05f4c733a927d1 [Pos Repl]

 * C:\Windows\System32\schannel.dll : 340,992 : 09/25/2013 02:22 AM : 31ffed18c7b836cec1b559347e32e151 [NoSig]
 +-> C:\Windows\SysWOW64\schannel.dll : 225,280 : 06/02/2012 04:40 AM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_7e0b3cb56ef3dd68\schannel.dll : 348,672 : 07/14/2009 01:41 AM : 5a148b1574be77742d337ec81c23fc7a [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16612_none_7e53f0fd6ebdc541\schannel.dll : 340,992 : 01/11/2011 09:14 AM : 7cc59a28bcf0f791cc5f173093e06db1 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16661_none_7e1ce1176ee7379f\schannel.dll : 340,992 : 01/11/2011 09:03 AM : 426a455cacd1261d05d158ca8ad8ef2e [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_7e56f78d6ebb08bb\schannel.dll : 340,992 : 11/17/2011 07:10 AM : 65238bdc2ec498ef5bc52ccf0ac2736b [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.17035_none_7e412fd76ecb73df\schannel.dll : 340,992 : 06/02/2012 05:27 AM : 90b780886bd813882cb382ff3e90e092 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20735_none_7ecaeece87e8e8f2\schannel.dll : 339,456 : 01/11/2011 09:14 AM : 595a4a6058b95b52da0badde57eb211f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20785_none_7e94df32881174a7\schannel.dll : 339,456 : 01/11/2011 09:03 AM : fe91c090df05b9b2c623b244bb97e76b [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_7e86ea56881c7223\schannel.dll : 339,456 : 11/17/2011 06:49 AM : 4abe93525123ba830a3d33ea0d5d93ad [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21225_none_7ed59e7487e0f4df\schannel.dll : 338,944 : 06/02/2012 05:37 AM : 107519f9849d947ee1ba5085f7bc2763 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_803c507d6be26102\schannel.dll : 340,992 : 11/20/2010 01:27 PM : a199de544bf5c61c134b22c7592226fc [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_803284a76be99098\schannel.dll : 340,992 : 11/17/2011 06:35 AM : fbd1d2169aceee3073861f8ca3a28c49 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_801317136c00fae9\schannel.dll : 340,992 : 06/02/2012 05:45 AM : 1573c45e65de32b1bc3572634f8f1e8e [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_808ce09a852b3aca\schannel.dll : 340,992 : 11/17/2011 06:26 AM : ed848d806f639ce611b3bedc6c958140 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_80c1c9f48503c627\schannel.dll : 340,992 : 06/04/2012 07:54 AM : f6184411925d84c41a87fb9821554da8 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_885fe707a3549f63\schannel.dll : 220,160 : 07/14/2009 01:16 AM : 0a53fd4ebbd92002ccc362a9b8087885 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16612_none_88a89b4fa31e873c\schannel.dll : 224,256 : 01/11/2011 09:14 AM : 61a9b3194f8497b864b1c98a72736d07 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16661_none_88718b69a347f99a\schannel.dll : 224,256 : 01/11/2011 09:03 AM : 21cf5c7d8d727dcc337a1d251b6135f4 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_88aba1dfa31bcab6\schannel.dll : 224,768 : 11/17/2011 05:39 AM : 83041697ae93aa4b783ae8746904edd2 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.17035_none_8895da29a32c35da\schannel.dll : 225,280 : 06/02/2012 04:48 AM : 76c48f0cd8a526858ab9a4886586942a [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20735_none_891f9920bc49aaed\schannel.dll : 224,256 : 01/11/2011 09:14 AM : da2974595719d65c27b5198b971ef121 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20785_none_88e98984bc7236a2\schannel.dll : 224,256 : 01/11/2011 09:03 AM : bf33806d317af52b6860a82d9fdc7e00 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_88db94a8bc7d341e\schannel.dll : 224,768 : 11/17/2011 07:15 AM : cb6b6b1f8d283de4540445c5313cb445 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21225_none_892a48c6bc41b6da\schannel.dll : 225,280 : 06/02/2012 04:45 AM : 1f7939c11281755a7b0a6ac47929f701 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_8a90facfa04322fd\schannel.dll : 224,256 : 11/20/2010 12:21 AM : 135f7ac9be35ab1df727faf2e60e92f8 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_8a872ef9a04a5293\schannel.dll : 224,768 : 11/17/2011 05:34 AM : 1affb765af1fdcc0c185c38e9ddddaee [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_8a67c165a061bce4\schannel.dll : 225,280 : 06/02/2012 04:40 AM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_8ae18aecb98bfcc5\schannel.dll : 224,768 : 11/17/2011 05:29 AM : 3dbcbd8adb406c43a2127544d7ba974e [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_8b167446b9648822\schannel.dll : 225,280 : 06/02/2012 04:55 AM : c5b2dc72f2453cef2e150a81f696703d [Pos Repl]

 * C:\Windows\System32\wininet.dll : 2,241,536 : 10/12/2013 08:45 AM : 9706c99daebe3feac811b239617e98c4 [NoSig]
 +-> C:\Windows\SysWOW64\wininet.dll : 1,767,936 : 10/12/2013 07:03 AM : 5fd4335dcd343d0fea9fa6b18ed408d9 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_7fc28d121246afa9\wininet.dll : 2,240,512 : 03/25/2013 06:47 PM : 69f1d418b4c4ec23033d598e4cbc6b73 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_7faced3a1256e78b\wininet.dll : 2,241,024 : 09/22/2013 10:55 PM : d28b35de88d27efb27df4b1e8319e3c0 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_68d576fc2c057c88\wininet.dll : 2,248,704 : 09/22/2013 11:23 PM : 1377a310439639a610097ed56975ae19 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_78982c5c3286110a\wininet.dll : 1,193,472 : 07/14/2009 01:41 AM : b1037f0131c9a010d611f6914e03cd92 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_78885ce43292ab6f\wininet.dll : 1,192,960 : 01/11/2011 09:10 AM : 9c0e12fb8bd14397ec9cca99ec0ed5a3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_78ce3fc4325d7fa3\wininet.dll : 1,192,960 : 01/11/2011 09:13 AM : 096698014315b32c84a7afd4ea61fb6f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_788e6086328d40a0\wininet.dll : 1,192,960 : 01/11/2011 09:16 AM : ce40a889cb71a292e2947dbc630f47df [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_78d91196325560d9\wininet.dll : 1,192,960 : 01/11/2011 09:03 AM : 3deb428acd3d4decd1619c24e4628dd2 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_789f00d232818732\wininet.dll : 1,192,960 : 01/11/2011 09:05 AM : 09e42c1ce2199e0442e3531a599983a8 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_78d712e832572b52\wininet.dll : 1,197,056 : 12/21/2010 06:16 AM : e71db117dbda6b33646f37936c17d226 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_78e0e656324ff058\wininet.dll : 1,197,568 : 11/05/2011 05:26 AM : f12cb8efb15813723575ee94c6a76e8b [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_79734ae14b674ce7\wininet.dll : 1,192,960 : 01/11/2011 09:10 AM : 46c47a10db10e3055ade41c4eb4ff7ca [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_793e3b8f4b8ef1f3\wininet.dll : 1,196,032 : 01/11/2011 09:13 AM : dd9ca58e7db6e64bad127c7ad6fe1d08 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_796e7e974b69fe09\wininet.dll : 1,196,032 : 01/11/2011 09:16 AM : 40643f8400f5c05770ee8f1373bbe3ea [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_794d0e894b833885\wininet.dll : 1,196,544 : 01/11/2011 09:03 AM : dbc6ec40ddedf875c0576cf2c0caf9c3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_7916feed4babc43a\wininet.dll : 1,196,032 : 01/11/2011 09:05 AM : 25b069ddf6206ef3c968179f98d351c7 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_79346fb94b962189\wininet.dll : 1,198,080 : 12/21/2010 06:09 AM : 1d3466e7e9d63f8b2b84a8ad5e833c29 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_7921aac74ba3d5d9\wininet.dll : 1,198,080 : 11/05/2011 05:32 AM : a35680aee7e4bef4b2adc1a380b8e31f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll : 1,188,864 : 11/20/2010 01:27 PM : f6c5302e1f4813d552f41a0ac82455e5 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_7aba72dc2f804587\wininet.dll : 1,188,864 : 11/05/2011 05:41 AM : 4efc156290537bb9706d3a7a1a4b8733 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_7b28a15548b1b7d7\wininet.dll : 1,189,376 : 11/05/2011 05:37 AM : 8f2cc83b92626a3b7e1df360720fad30 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll : 1,390,080 : 02/04/2012 10:21 AM : 69151e566295e5a977fe71ffafd3b3f8 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll : 1,390,080 : 12/14/2011 07:04 AM : b1ac85b6adc005cf3f9eb4e28dfdcce6 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_766ac323748b8dc0\wininet.dll : 1,392,128 : 10/08/2012 11:23 AM : a19db004d954bbc9c4ec125711e1d1c2 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_765021d974a046ef\wininet.dll : 1,392,128 : 02/02/2013 06:47 AM : fa274190682aa41a46b285208ed46a74 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_770030248da02af0\wininet.dll : 1,390,080 : 12/14/2011 06:10 AM : c2fa4dbd6bb91d1afd7d155120654ab9 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_76e68f248db3fd76\wininet.dll : 1,392,128 : 10/08/2012 10:11 AM : 789ead6f3ce42f3322818988400986e9 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_76ceeeb88dc602aa\wininet.dll : 1,392,128 : 02/02/2013 07:16 AM : 4e0669b513805a7c2a303c8ededc8e03 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_23a3f18e59e93e73\wininet.dll : 1,766,912 : 03/25/2013 06:47 PM : ba15504fa59a8dc304f1cbaeba6252a1 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_238e51b659f97655\wininet.dll : 1,767,936 : 09/22/2013 11:28 PM : e4feb264b47360b7296aea4e052f88d8 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_0cb6db7873a80b52\wininet.dll : 1,777,152 : 09/22/2013 11:36 PM : 67220eb57550f10e1219d57d89937456 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll : 977,920 : 07/14/2009 01:16 AM : 0d874f3bc751cc2198af2e6783fb8b35 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll : 977,920 : 01/11/2011 09:10 AM : f1c359ce656bd76f90e0e6c4bc04a4be [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll : 977,920 : 01/11/2011 09:13 AM : 99a6f1253a886c4a9c1f8e1822b10a80 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll : 977,920 : 01/11/2011 09:16 AM : abe73a2f762a74b6ad2c9be636915595 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll : 978,432 : 01/11/2011 09:03 AM : 250267ce6217c1ab4517f22fb7ea13e8 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll : 978,432 : 01/11/2011 09:05 AM : 3d6aa6dd4d0f3bb41b804747eb489831 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll : 981,504 : 12/21/2010 05:38 AM : 78b9ada2bc8946af7b17678e0d07a773 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll : 981,504 : 11/05/2011 04:35 AM : 7f5b51faca193430346970283c50769f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll : 977,920 : 01/11/2011 09:10 AM : 23587164011ec849e58e229abc49e239 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll : 980,480 : 01/11/2011 09:13 AM : 0962cb2a9e6b4363c74249a4a5ccdbbf [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll : 980,480 : 01/11/2011 09:16 AM : 5ff3118c688d43ed77deadc6f4895ef9 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll : 980,480 : 01/11/2011 09:03 AM : 91a9ccad9829a89c840899932b9ec2df [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll : 980,480 : 01/11/2011 09:05 AM : 84795f28eb2e942951138827b8704819 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll : 981,504 : 12/21/2010 05:29 AM : 1b3dd46bc6396143a205eaaf05f38039 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll : 982,016 : 11/05/2011 04:37 AM : e49448acd38a375e4fbccb87056e1467 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll : 980,992 : 11/20/2010 12:21 AM : 44214c94911c7cfb1d52cb64d5e8368d [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll : 981,504 : 11/05/2011 04:35 AM : 19714fa7d7204d9bee1ee12791da9010 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll : 982,016 : 11/05/2011 04:31 AM : 1903228fe0c7d402b26a217f8d7713fd [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll : 1,127,424 : 02/04/2012 10:21 AM : 02f98b5c0e397ad06124d84428cf8f1a [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll : 1,127,424 : 12/14/2011 02:57 AM : 1d94fa7c81d2ffe494af094619ba706f [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll : 1,129,472 : 10/08/2012 07:48 AM : 9cb0d2a9a77d91d9614355ee9ff00519 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_1a318655bc42d5b9\wininet.dll : 1,129,472 : 02/02/2013 03:30 AM : 03728c624d05c2f157bbd46f6b7f6ea0 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll : 1,127,424 : 12/14/2011 02:28 AM : 022a78194e2c7106f5af9f2bc6ac8774 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll : 1,129,472 : 10/08/2012 07:37 AM : 6e3ac8a54a1881806ba2b58539483788 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_1ab05334d5689174\wininet.dll : 1,129,472 : 02/02/2013 03:36 AM : 1284d72c04b553ed5382ea14303d66db [Pos Repl]

Checking HOSTS File:

 * No issues found.

Program finished at: 11/22/2013 07:46:16 AM
Execution time: 0 hours(s), 3 minute(s), and 19 seconds(s)
 



#6 drbogg

drbogg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 22 November 2013 - 03:31 AM

After i clicked clean an autoit error came up,

3809 (file"C:\users\shaz\downloads\Adwcleaner.exe"):

Error: subscript used with non-array variable. i clicked ok ran it agaian with nithing detected but then offered a restart which i done and then this log opened.

 

adw log file:

 

# AdwCleaner v3.012 - Report created 22/11/2013 at 08:00:02
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : shaz - SHAZ-HP
# Running from : C:\Users\shaz\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0.1 (en-GB)

[ File : C:\Users\shaz\AppData\Roaming\Mozilla\Firefox\Profiles\lc3kkpx0.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=48D76867-4CAA-470D-9DE3-698792828F0B&n=77ed5194&p2=^0D^xdm005^S00757^gb&si=CL2t9s6Suq8CFQQMt[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.installation.installDate", "2012041620");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.installation.partnerId", "^0D^xdm005^S00757^gb");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.installation.partnerSubId", "CL2t9s6Suq8CFQQMtAodvnCwjg");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.installation.toolbarId", "48D76867-4CAA-470D-9DE3-698792828F0B");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.lastActivePing", "1334606203502");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.tab.date", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._57Members_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "marineaquariumfree@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", false);
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_UK&apn_uid=D0E9E65C-E0F8-4092-A651-95A2D7DB208A&apn_ptnrs=U3&apn_sauid=D7405A72-42CB-42F6-9FAC[...]

*************************

AdwCleaner[R0].txt - [34684 octets] - [13/11/2013 19:41:37]
AdwCleaner[R1].txt - [12902 octets] - [22/11/2013 07:59:20]
AdwCleaner[S0].txt - [1617 octets] - [22/11/2013 07:56:29]
AdwCleaner[S1].txt - [12499 octets] - [22/11/2013 08:00:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12560 octets] ##########
 


Jrt log file :

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by shaz on 22/11/2013 at  8:09:06.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA8A91C0-D14B-44C8-8EEA-A9BD90E42EC5}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{1894B795-0A79-43CF-A04A-0B84A2293936}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{4E74525E-BE72-46AC-B88F-E19988FD8515}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{5E479582-9099-4691-B4EE-0CCAF7DE660C}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{6C749DB8-B644-4949-9E89-293DD34463D0}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{724098EE-0BBD-4394-9EFC-91EE7E22C75A}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{8B1AAC2A-62BA-4112-80DC-0761ACD74BDF}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{A6C5071C-AECA-4B82-A853-A1E3C0C7A4CB}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{D6A6CD23-3F2E-4B51-A5CE-403418A459DC}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{F2D19D01-9369-4A2C-83FA-7DB73C502E05}
Successfully deleted: [Empty Folder] C:\Users\shaz\appdata\local\{FDBF1CCD-D04F-488C-BE3A-1144CF621440}



~~~ FireFox

Emptied folder: C:\Users\shaz\AppData\Roaming\mozilla\firefox\profiles\lc3kkpx0.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/11/2013 at  8:27:09.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by drbogg, 22 November 2013 - 03:41 AM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:30 AM

Posted 22 November 2013 - 07:07 AM

Looking good. How is your computer running now?


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 drbogg

drbogg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 22 November 2013 - 02:15 PM

Hi everything seems tickety boo, no horrible pups and much smother and faster.  Thank you very much.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:30 AM

Posted 22 November 2013 - 04:08 PM


You're welcome.

Now you should Create a New Restore Point (alternate method) to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Click the Start Orb and in the Search box type: Create a restore point.
  • When the System Properties window opens, under the System Protection tab, select the Create... button at the bottom. Give the restore point a name, then click "Create". The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then to remove all but the newly created Restore Point, use Disk Cleanup
.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 drbogg

drbogg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 23 November 2013 - 05:21 AM

That's all done i tke it that i should have a clean laptop now, all seems well, thank you again. :thumbup2:



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:30 AM

Posted 23 November 2013 - 07:01 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users