
Redirect to fake Java Update malware - is it gone?


25 replies to this topic

#1 Susee

Susee

  • Members
  • 13 posts
  • Local time:10:51 AM

Posted 11 May 2014 - 12:40 PM

Hi, over the last week or two both my laptop and my partner's pc have been occasionally redirected to fake Java update websites when browsing the net, each using a different url and asking to download the latest java. Obviously we have not downloaded anything, though one site automatically downloaded an executable which we promptly deleted and removed from the recycle bin. There have been other problems too such as the pc's SSD being fuller than expected and occasionally some sites won't load but that could be my imagination running away with me!

We've run Malwarebytes Anti-Malware on both machines, deleting one file from the laptop and around 30 from the pc, and in the day or two since then there haven't been any redirects. However, it wasn't happening often enough beforehand to make any real comparison yet, as it was never consistent with which sites it happened to.

As I'll be getting a new (fairly expensive!) laptop in the next couple of weeks I would feel a lot safer in the knowledge that our current two machines are completely clean and at no risk of infecting the new laptop somehow by being on the same wi-fi (if that's even possible?)

 

To summarise, what are some steps to ensure that both my laptop and my partner's pc are completely malware free? We are both on Windows 7 and use Google Chrome.

Thanks a lot for any help! :)  




 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • Gender:Male
  • Local time:11:51 AM

Posted 11 May 2014 - 02:21 PM

Hello Susee, and welcome!

Please post the log of Malwarebytes which is here - C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Also:

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 Susee

Susee
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:51 AM

Posted 11 May 2014 - 02:50 PM

Hi, I've run it on the laptop (should I also do the same for the pc?). Here are the logs:

Malwarebytes (the file indicated here is the one that got downloaded automatically but never opened):
 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/08 19:02:24 +0100</date>
<log>mbam-log-2014-05-08 (18-42-45).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.05.08.07</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Luke</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>244584</objects>
<time>1178</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-2812927349-2170550746-3648202425-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>7d7a36187efd92a46718dca443bff60a</hash></key>
<file><path>C:\$RECYCLE.BIN\S-1-5-21-2812927349-2170550746-3648202425-1000\$R2M8GTH.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>619669e57ffc5fd71b0e0a6b30d1867a</hash></file>
</items>
</mbam-log>


Security check:

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 11  
 Java 7 Update 51  
 Java version out of Date! 
  Adobe Flash Player 11.6.602.168 Flash Player out of Date!  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 TOSHIBA Toshiba Online Product Information TOPI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 



and MiniToolBox:

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Luke (administrator) on 11-05-2014 at 20:48:30
Running from "C:\Users\Luke\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/11/2014 01:24:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 11:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077
 
Error: (05/11/2014 11:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077
 
Error: (05/11/2014 11:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/11/2014 11:18:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 10:50:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5288
 
Error: (05/11/2014 10:50:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5288
 
Error: (05/11/2014 10:50:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/11/2014 10:50:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4290
 
Error: (05/11/2014 10:50:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4290
 
 
System errors:
=============
Error: (05/11/2014 01:25:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/11/2014 11:18:36 AM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:54 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:53 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 11:16:52 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-24 09:39:07.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-24 09:39:07.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-24 09:39:07.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-24 09:39:07.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-24 09:39:06.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.0.29126)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Age of Empires II: HD Edition
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CBR Reader
Cockatrice
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Contacts (Version: 1.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dark Omen
DivX Setup (Version: 2.6.1.24)
GameRanger
Google Chrome (Version: 34.0.1847.131)
Google Desktop (Version: 5.7.0802.22438)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.24.7)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2869)
Intel® Matrix Storage Manager
iTunes (Version: 11.1.5.5)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 11 (Version: 6.0.110)
Legend of Dungeon
LogMeIn Hamachi (Version: 2.2.0.188)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Movie Maker (Version: 16.4.3522.0110)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.65 (Version: 3.65)
OpenAL
OpenOffice 4.0.1 (Version: 4.01.9714)
Origin (Version: 9.4.6.2792)
Pharos
Photo Gallery (Version: 16.4.3522.0110)
Picasa 2 (Version: 2.0)
PlayReady PC runtime (Version: 1)
QuickTime 7 (Version: 7.75.80.95)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0004)
Realtek High Definition Audio Driver (Version: 6.0.1.5821)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20132)
Scrivener (Version: 1610)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization V
Skype™ 6.14 (Version: 6.14.104)
Spotify (Version: 0.9.10.7.g1826e03e)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam
Super Hexagon
Synaptics Pointing Device Driver (Version: 12.2.11.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
TOSHIBA Assist (Version: 2.01.10)
TOSHIBA ConfigFree (Version: 7.4.9)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 3.00.1.04-A)
TOSHIBA eco Utility (Version: 1.0.3.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C)
TOSHIBA Hardware Setup (Version: 1.63.0.6C)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1)
TOSHIBA Manuals (Version: 7.40)
Toshiba Online Product Information (Version: 2.06.0000)
TOSHIBA PC Health Monitor (Version: 1.3.2.0)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017)
TOSHIBA SD Memory Utilities (Version: 1.8.1.6)
TOSHIBA Service Station (Version: 2.0.26)
TOSHIBA Supervisor Password (Version: 1.63.0.3C)
Toshiba TEMPRO (Version: 2.0)
TOSHIBA Value Added Package (Version: 1.2.8)
TOSHIBA Web Camera Application (Version: 1.0.1.8)
TRORDCLauncher (Version: 1.0.0.6)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.22C)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 16.4.3522.0110)
Windows Live Essentials (Version: 16.4.3522.0110)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3522.0110)
Windows Live Photo Common (Version: 16.4.3522.0110)
Windows Live PIMT Platform (Version: 16.4.3522.0110)
Windows Live SOXE (Version: 16.4.3522.0110)
Windows Live SOXE Definitions (Version: 16.4.3522.0110)
Windows Live UX Platform (Version: 16.4.3522.0110)
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
World of Warcraft
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 81%
Total physical RAM: 2936.88 MB
Available physical RAM: 552.88 MB
Total Pagefile: 5872.04 MB
Available Pagefile: 2921.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.41 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Vista) (Fixed) (Total:116.21 GB) (Free:33.22 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:115.21 GB) (Free:101.31 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LUKE-PC
 
Administrator            Guest                    Luke                     
 
 
**** End of log ****




Thanks a lot!

 



#4 Susee

Susee
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:51 AM

Posted 11 May 2014 - 03:13 PM

Here's also the Malwarebytes log for the pc, which had a lot more threats:
 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/08 19:16:29 +0100</date>
<log>mbam-log-2014-05-08 (19-11-49).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.05.08.08</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Luke</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>285583</objects>
<time>279</time>
<processes>0</processes>
<modules>0</modules>
<keys>25</keys>
<values>9</values>
<datas>0</datas>
<folders>2</folders>
<files>26</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>b048d876c3b8b185d9673721b949bd43</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>b048d876c3b8b185d9673721b949bd43</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Toolbar.CT3072253</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3072253</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{687578B9-7132-4A7A-80E4-30EE31099E03}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{687578B9-7132-4A7A-80E4-30EE31099E03}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{687578B9-7132-4A7A-80E4-30EE31099E03}</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\uTorrentControl2</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>7e7aa0ae90ebec4a24922d5b28daa957</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>58a09ab4d8a3072f0650512fe41e38c8</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>6a8efe50aad1a78fe60db8f1d52e18e8</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr</path><vendor>PUP.Optional.DataMngr.A</vendor><action>success</action><hash>b14769e5c1bafb3b41326c3c25de3fc1</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar</path><vendor>PUP.Optional.DataMngr.A</vendor><action>success</action><hash>d91f6de1c7b4270f264c7f294fb442be</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\uTorrentControl2</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>708879d5d5a6cc6a4573bacee71bc23e</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>26d23a1490ebf93d51697319d62cf40c</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>8f697dd1de9df046077510994ab92ed2</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>a65291bd84f735014c096020659d3bc5</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>5b9d3717b7c405312d473b57b052b848</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>0cec57f73b40b68079212d7b6e95be42</hash></key>
<key><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>ce2a5df10d6eaa8ce6d282fe936f15eb</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrentControl2 Toolbar</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></key>
<value><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{687578B9-7132-4A7A-80E4-30EE31099E03}</valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata>¹xuh2qzJ€ä0î1 ž</valuedata><hash>2eca0549bebd7db966b758c9b84a8e72</hash></value>
<value><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{687578B9-7132-4A7A-80E4-30EE31099E03}</valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>2eca0549bebd7db966b758c9b84a8e72</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{687578B9-7132-4A7A-80E4-30EE31099E03}</valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata>uTorrentControl2 Toolbar</valuedata><hash>2eca0549bebd7db966b758c9b84a8e72</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{687578B9-7132-4A7A-80E4-30EE31099E03}</valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>2eca0549bebd7db966b758c9b84a8e72</hash></value>
<value><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{687578B9-7132-4A7A-80E4-30EE31099E03}</path><valuename></valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>45b3eb632e4d92a45ebfb36ebe44c13f</hash></value>
<value><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}</path><valuename></valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>797f6ae476053006fc21130e33cf50b0</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{687578b9-7132-4a7a-80e4-30ee31099e03}</path><valuename></valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>0bed70de03789e989687e83924de4fb1</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}</path><valuename></valuename><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><valuedata></valuedata><hash>8276bf8fccaf51e522fb2ef360a2ce32</hash></value>
<value><path>HKU\S-1-5-21-78707285-2248635578-1152735443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0L1N1H2O1S</valuedata><hash>0cec57f73b40b68079212d7b6e95be42</hash></value>
<folder><path>C:\ProgramData\IBUpdaterService</path><vendor>Adware.InstallBrain</vendor><action>success</action><hash>788035198dee60d62242aad8ec1729d7</hash></folder>
<folder><path>C:\Program Files (x86)\uTorrentControl2</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></folder>
<file><path>C:\Program Files (x86)\uTorrentControl2\prxtbuTo2.dll</path><vendor>PUP.Optional.uTorrentTB.A</vendor><action>success</action><hash>2eca0549bebd7db966b758c9b84a8e72</hash></file>
<file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>df19044af784af87319e67b9808003fd</hash></file>
<file><path>C:\Users\Luke\Downloads\Player Setup (1).exe</path><vendor>PUP.Optional.BundleInstaller.A</vendor><action>success</action><hash>7385bf8fcead47efb1b2997ed2328d73</hash></file>
<file><path>C:\Users\Luke\Downloads\Player Setup.exe</path><vendor>PUP.Optional.BundleInstaller.A</vendor><action>success</action><hash>62966ae4de9d7fb7323167b0f80cf010</hash></file>
<file><path>C:\Users\Luke\AppData\Local\Conduit\Community Alerts\Alert.dll</path><vendor>PUP.Optional.Conduit</vendor><action>success</action><hash>8a6ec08e5a2113238065f43f986c7d83</hash></file>
<file><path>C:\Users\Luke\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe</path><vendor>PUP.Optional.Conduit</vendor><action>success</action><hash>cf29f757a6d5b0863ca9e64d46be6f91</hash></file>
<file><path>C:\ProgramData\IBUpdaterService\repository.xml</path><vendor>Adware.InstallBrain</vendor><action>success</action><hash>788035198dee60d62242aad8ec1729d7</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\GottenAppsContextMenu.xml</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\hk64tbuTo0.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\hk64tbuTo2.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\hktbuTo0.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\hktbuTo2.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\ldrtbuTo0.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\ldrtbuTo2.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\ldrtbuTor.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\OtherAppsContextMenu.xml</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\SharedAppsContextMenu.xml</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\tbuTo0.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\tbuTo2.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\tbuTor.dll</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\toolbar.cfg</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\ToolbarContextMenu.xml</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\uninstall.exe</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
<file><path>C:\Program Files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper1.exe</path><vendor>PUP.Optional.uTorrentControl.A</vendor><action>success</action><hash>6296212d4a310b2b8e3320507a8853ad</hash></file>
</items>
</mbam-log>


#5 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:51 AM

Posted 11 May 2014 - 03:18 PM

Uninstall these ones:

Acrobat.com (Version: 0.0.0)

Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Java™ 6 Update 11 (Version: 6.0.110)
Download and install latest Adobe AIR - https://get.adobe.com/air/
Download and install latest Java - https://www.java.com/en/download/
Download and install latest Adobe Reader, refuse promo offer - http://get.adobe.com/reader/
 
Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
Thank you!


#6 Alex&Vanko


Posted 11 May 2014 - 03:19 PM

So run AdwCleaner there also.



#7 Susee


Posted 11 May 2014 - 03:47 PM

This is the log for the laptop (I can post for the pc too shortly but it's in use right now so a little tricky to reboot!)
 

# AdwCleaner v3.208 - Report created 11/05/2014 at 21:38:40
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Luke - LUKE-PC
# Running from : C:\Users\Luke\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ntcomic-cbr-reader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ntcomic-cbr-reader_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1345 octets] - [11/05/2014 21:36:59]
AdwCleaner[S0].txt - [1282 octets] - [11/05/2014 21:38:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1342 octets] ##########



thanks for your help :)


#8 Alex&Vanko


Posted 11 May 2014 - 03:54 PM

Ok follow the steps for both.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

After that:

Download HitmanPro HERE (32-bit) or HERE (64-bit) onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!
 



#9 Susee


Posted 11 May 2014 - 04:13 PM

The log from JRT:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Luke on 11/05/2014 at 22:00:00.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Luke\appdata\locallow\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/05/2014 at 22:02:27.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


and hitman log:

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : LUKE-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Luke-PC\Luke
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-05-11 22:06:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 55s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 37
 
   Objects scanned . . . : 1,067,305
   Files scanned . . . . : 31,586
   Remnants scanned  . . : 316,532 files / 719,187 keys
 
Cookies _____________________________________________________________________
 
 
 
 


#10 Alex&Vanko


Posted 11 May 2014 - 04:36 PM

So click Next to delete cookies.

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

 

Start AdwCleaner and click the Uninstall button and it will disappear. JRT just delete. Uninstall Hitman the standard way, as a program.

Thank you!



#11 Susee


Posted 11 May 2014 - 05:10 PM

It's taking a while so I may leave it to scan overnight - thanks so much for your help so far! just a couple of questions:

Once this scan is done will that mean this laptop is now clean again or is there a lot left to do?
and do I repeat the same process for the pc?

Thank you :)



#12 Alex&Vanko


Posted 11 May 2014 - 05:26 PM

For what we are looking for, yes, it is clean. If Hitman on the PC finds something in the malware section, not only cookies and PUPs, post it.



#13 Susee


Posted 11 May 2014 - 05:28 PM

Brilliant, will do!



#14 Alex&Vanko


Posted 11 May 2014 - 05:30 PM

Also ESET, as it is an antivirus scanner. If it finds something:

  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.


#15 Susee


Posted 12 May 2014 - 04:02 AM

Hi, the laptop came up clean, thanks!

These are the logs for the PC:
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Luke (administrator) on 12-05-2014 at 09:11:14
Running from "C:\Users\Luke\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/12/2014 09:02:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2014 08:31:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 05:45:04 PM) (Source: Application Hang) (User: )
Description: The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1308
 
Start Time: 01cf6d2ef2f5383b
 
Termination Time: 178
 
Application Path: E:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
 
Report Id:
 
Error: (05/11/2014 08:24:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:40:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:31:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:20:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 08:40:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2014 08:41:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2014 02:53:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/11/2014 11:05:24 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (05/11/2014 11:05:24 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (05/10/2014 00:09:48 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/10/2014 11:38:02 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/09/2014 11:06:23 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/09/2014 09:47:17 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/09/2014 09:47:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/08/2014 06:41:06 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (05/08/2014 02:51:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 14:51:22 on ?08/?05/?2014 was unexpected.
 
Error: (05/08/2014 02:46:18 PM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (05/12/2014 09:02:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2014 08:31:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 05:45:04 PM) (Source: Application Hang)(User: )
Description: dota.exe0.0.0.0130801cf6d2ef2f5383b178E:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
 
Error: (05/11/2014 08:24:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:40:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:31:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 11:20:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 08:40:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2014 08:41:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2014 02:53:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-12 09:10:36.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-12 09:09:59.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-12 09:00:22.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-12 08:42:02.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-12 08:29:49.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-11 22:20:21.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-11 21:28:10.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-11 21:14:42.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-11 20:01:44.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-11 18:05:05.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****




# AdwCleaner v3.208 - Report created 12/05/2014 at 09:43:00
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Luke - LUKE-PC-1000
# Running from : C:\Users\Luke\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : TBSrv
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Users\Luke\AppData\Local\Conduit
Folder Deleted : C:\Users\Luke\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Luke\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Luke\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Luke\AppData\Roaming\PerformerSoft
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\5c4dbdab46feb13
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_driver-sweeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_driver-sweeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\i8l8qmgg.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=72537A7919B7BA13
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
 
*************************
 
AdwCleaner[R0].txt - [7283 octets] - [12/05/2014 09:41:28]
AdwCleaner[S0].txt - [7011 octets] - [12/05/2014 09:43:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7071 octets] ##########
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luke on 12/05/2014 at  9:46:59.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-78707285-2248635578-1152735443-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93204169-B22B-4DAF-9621-34ACAD510872}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Luke\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Luke\appdata\locallow\utorrentcontrol2"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/05/2014 at  9:50:35.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
and HitmanPro:


HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : LUKE-PC-1000
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Luke-PC-1000\Luke
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-05-12 09:52:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 53
 
   Objects scanned . . . : 1,905,674
   Files scanned . . . . : 81,648
   Remnants scanned  . . : 476,325 files / 1,347,701 keys
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-78707285-2248635578-1152735443-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-78707285-2248635578-1152735443-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-78707285-2248635578-1152735443-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
 
Cookies _____________________________________________________________________
 
 
 
 
 
 




