
Bad image pop ups and no internet


19 replies to this topic

#1 Littleleo37


Posted 10 September 2016 - 06:41 AM

Hello everyone, recently my PC (Win 8.1 Pro, 64 bit) is giving me "McUICnt.exe-Bad Image" (error status 0xc000012f) and isn't connected to the Internet.
Would you please help?


 


#2 MessiFan


Posted 10 September 2016 - 07:53 AM

Hi

You can't connect to the internet?

Do you have a McAfee antivirus installed on the computer?


Edited by MessiFan, 10 September 2016 - 07:55 AM.


#3 Littleleo37


Posted 10 September 2016 - 09:06 AM


No but I have ESET.

#4 MessiFan


Posted 10 September 2016 - 09:12 AM

OK. You may or may not have a virus. I'm not sure about it. Run Malwarebytes on your computer and do a threat scan. And, was this error due to something you did? Just think of anything you have done before this error came up. It might be useful in solving your problem.

MessiFan

Edited by MessiFan, 10 September 2016 - 09:14 AM.


#5 buddy215


Posted 10 September 2016 - 10:02 AM

Have you run a scan using Eset? If it has been a while since Eset was able to update, attempt to run a scan using it in Safe Mode With Networking.

 

First attempt to access internet by booting into Safe Mode With Networking. If that is successful then download and run the programs below.

If you are still unable to access internet in Safe Mode with Networking then you will need to first download programs to another medium such as a flash drive or DVD. Then move the programs to the problem computer and run the scans.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 buddy215


Posted 11 September 2016 - 04:35 AM

Edited...


Edited by buddy215, 12 September 2016 - 06:45 AM.


#7 Littleleo37


Posted 12 September 2016 - 05:22 AM

I see you have been receiving help from Aura. Suggest you follow his advice for fixing the BSOD.
Possible viruses and temp folder - Page 3 - Am I infected? What do I do?


Thanks I'm trying to do steps you advised and will let you know as soon as finished. What's above post?

#8 buddy215


Posted 12 September 2016 - 06:46 AM

OOOPS...my last post was a result of looking at the wrong content. It was MessiFan's content I was looking at...not yours. Just ignore my last post.



#9 Littleleo37


Posted 12 September 2016 - 07:51 AM


Dear Buddy, I had done a malware scan a few days ago before your reply, which is as follows. The malware scan which I did today and the two other requested scans will be sent in separate posts.

MALWAREBYTES 1:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/3/2016
Scan Time: 12:40 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: MSP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 489415
Time Elapsed: 38 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9

Registry Values: 4

Registry Data: 18

Folders: 11

Files: 48

Physical Sectors: 0
(No malicious items detected)


(end)


 


Malwarebytes 2 (Today) :

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/12/2016
Scan Time: 3:51 AM
Logfile: scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: MSP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475147
Time Elapsed: 1 hr, 13 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 Littleleo37


Posted 12 September 2016 - 07:53 AM


AdwCleaner :

 

 

# AdwCleaner v6.010 - Logfile created 12/09/2016 at 05:26:27
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Windows 8.1 Pro  (X64)
# Username : MSP - ALI
# Running from : D:\Ali\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\MSP\AppData\Local\Babylon
[-] Folder deleted: C:\Users\MSP\AppData\Local\Free Youtube Downloader
[-] Folder deleted: C:\Users\MSP\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\MSP\AppData\Roaming\MailUpdate
[-] Folder deleted: C:\Users\MSP\AppData\Roaming\v9
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Babylon
[-] Folder deleted: C:\ProgramData\MailUpdate
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\MailUpdate
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader
[-] Folder deleted: C:\Program Files (x86)\Babylon
[-] Folder deleted: C:\Program Files (x86)\STab
[-] Folder deleted: C:\Program Files (x86)\Free Youtube Downloader
[-] Folder deleted: C:\Users\MSP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj


***** [ Files ] *****

[-] File deleted: C:\Users\MSP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\Users\Public\Desktop\Babylon.lnk
[-] File deleted: C:\Users\Public\Desktop\Free Youtube Downloader.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
[-] Key deleted: HKLM\SOFTWARE\Classes\.bgl
[-] Key deleted: HKLM\SOFTWARE\Classes\.bof
[-] Key deleted: HKLM\SOFTWARE\Classes\BabyDict
[-] Key deleted: HKLM\SOFTWARE\Classes\BabyGloss
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64
[-] Key deleted: HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1
[-] Key deleted: HKLM\SOFTWARE\Classes\BabyOptFile
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{947217BD-E967-400A-B14A-BA851A8EDCBB}]
[-] Key deleted: HKU\S-1-5-21-2127654969-188385897-2691937534-1001\Software\Babylon
[-] Key deleted: HKU\S-1-5-21-2127654969-188385897-2691937534-1001\Software\Microsoft\Babylon
[-] Key deleted: HKU\S-1-5-21-2127654969-188385897-2691937534-1001\Software\Mozilla\Extends
[#] Key deleted on reboot: HKCU\Software\Babylon
[#] Key deleted on reboot: HKCU\Software\Microsoft\Babylon
[#] Key deleted on reboot: HKCU\Software\Mozilla\Extends
[-] Key deleted: HKLM\SOFTWARE\Babylon
[-] Key deleted: HKLM\SOFTWARE\SupDp
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\V9Software
[#] Key deleted on reboot: HKLM\SOFTWARE\SUPDP
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Babylon Client]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
[-] Key deleted: HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
[-] Key deleted: HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.xpiState"
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [C:\Users\MSP\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jbolfgndggfhhpbnkgnpjkfhinclbigj


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11123 Bytes] - [12/09/2016 05:26:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [7709 Bytes] - [12/09/2016 05:22:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11270 Bytes] ##########
 



#11 Littleleo37

  • Topic Starter

Posted 12 September 2016 - 07:54 AM

OOOPS...my last post was a result of looking at the wrong content. It was MessiFan's content I was looking at...not yours. Just ignore my last post.

Junk Removal Test:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Pro x64
Ran by MSP (Administrator) on Mon 09/12/2016 at  5:37:01.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\MSP\AppData\Roaming\Mozilla\Firefox\Profiles\pmuchkgc.default-1423153871515\extensions\firefox1@myibay.com.xpi (File)
Successfully deleted: C:\Users\MSP\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\MSP\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\Windows\prefetch\BABYLON.EXE-9D5C5354.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMAKEVC.EXE-50CE5925.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMAKEVIDEOCONVERTER.EXE-60CAA5BB.pf (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A9EA707288A68045470FF808B4DEA0DD (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/12/2016 at  5:38:28.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 buddy215

  • Moderator

Posted 12 September 2016 - 08:54 AM

Okay...are you able to use the computer in regular mode and access the internet?

Have you run a scan using your Eset program? If not...important that you do.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 Littleleo37

  • Topic Starter

Posted 20 September 2016 - 05:54 AM

Dear Buddy,

Below are the three requested reports:

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task AutoPico Daily Restart @ByELDI "C:\Program Files\KMSpico\AutoPico.exe" /silent
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d067286bd6848b Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d08ef97bf4effe Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d0bf5f319f05cf Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 Intel® Services Manager C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon Intel® Services Manager "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
No Task Optimize Start Menu Cache Files-S-1-5-21-2127654969-188385897-2691937534-1001
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2127654969-188385897-2691937534-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-2127654969-188385897-2691937534-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task {BAEBE5C3-64AE-497D-8379-2EBF9DDFA3A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\MSP\AppData\Roaming\v9\UninstallManager.exe -c  -ptid=cor
Yes Task {CBE6DDCA-3AD9-4A00-9881-BCF2682320F8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6\Crack.exe" -d "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6"
 
 
2nd report
 
Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run IDMan Tonec Inc. E:\Programs\Internet Download Manager\IDMan.exe /onboot
Yes HKCU:Run NetTraffic VENEA.NET C:\Program Files (x86)\NetTraffic\NetTraffic.exe
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\MSP\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run egui ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Yes HKLM:Run Energy Manager Lenovo(beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
Yes HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Kerio Control VPN Client Kerio Technologies Inc. "C:\Program Files (x86)\Kerio\VPN Client\kvpncgui.exe" /tray
Yes HKLM:Run Lenovo Utility Lenovo(beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files (x86)\McAfee Security Scan\3.11.163\SSScheduler.exe
Yes Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
 
 
3rd one
 
Adobe Acrobat XI Pro Adobe Systems 7/2/2014 2.76 GB 11.0.06
Adobe AIR Adobe Systems Incorporated 7/3/2014 3.1.0.4880
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2/15/2016 18.1 MB 20.0.0.306
Adobe Help Manager Adobe Systems Incorporated 7/3/2014 4.0.244
Adobe Widget Browser Adobe Systems Incorporated. 7/3/2014 2.0 Build 348
Angry Birds Rovio Entertainment Ltd. 7/3/2014 163 MB 3.3.0
Any Video Converter Ultimate 5.5.6 Any-Video-Converter.com 7/3/2014 107 MB
Apple Application Support (32-bit) Apple Inc. 8/6/2015 96.0 MB 3.2
Apple Application Support (64-bit) Apple Inc. 1/20/2016 128 MB 4.1.2
Apple Mobile Device Support Apple Inc. 8/6/2015 27.9 MB 8.2.1.3
Apple Software Update Apple Inc. 7/3/2014 2.38 MB 2.1.3.127
AriaVpn Smart Connection Novindata 10/25/2015 1.00
Audible - Audiobooks and more 12/23/2014
Babylon Babylon Ltd. 7/2/2014 14.4 MB 10.00.0210
Bonjour Apple Inc. 7/3/2014 2.00 MB 3.0.0.10
Book Bazaar Reader Refrelent Software Lab 4/17/2015 3.1.46.501
CCleaner Piriform 9/12/2016 5.21
Combined Community Codec Pack 2014-03-09 CCCP Project 7/3/2014 3.78 MB 2014.03.09.0
Comix ObjectSpaces 9/1/2014 16.0.6.113
Discovery Channel DISCOVERY COMMUNICATIONS, LLC 8/23/2014 1.2.0.0
Encyclopaedia Britannica Encyclopaedia Britannica 8/23/2014 1.1.1.20
Energy Manager Lenovo 7/16/2014 47.8 MB 1.0.0.35
ESET Smart Security ESET, spol s r. o. 8/15/2015 121 MB 8.0.319.0
Flashcards Pro ANTARA SOFTWARE & CONSULTING PRIVATE LIMITED 6/21/2015 1.4.1.4
FormatFactory 3.3.2.0 Format Factory 12/18/2015 3.3.2.0
Fotor Chengdu Everimaging Science and Technology Co Ltd 8/23/2014 1.6.0.3
Free YouTube Downloader 4.0.301 HOW Inc. 11/27/2014 60.8 MB
Freemake Video Converter version 4.1.3 Ellora Assets Corporation 7/3/2014 78.7 MB 4.1.3
G-Force SoundSpectrum 1/20/2015 5.4.1
Games Microsoft Corporation 7/5/2014 2.0.139.0
Google Chrome Google Inc. 3/25/2015 52.0.2743.116
HD Wallpapers Backgrounds ! HD Image Photo Wallpaper Backgrounds Pics Art, Car 8/23/2014 8.0.0.0
IBM SPSS Statistics 22 IBM Corp 5/5/2015 941 MB 22.0.0.0
Intel® Management Engine Components Intel Corporation 5/15/2013 9.0.5.1367
Intel® Processor Graphics Intel Corporation 7/2/2014 10.18.10.3621
Intel® Rapid Storage Technology Intel Corporation 5/28/2014 12.5.4.1001
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 5/28/2014 3.0.0.63463
Intel® Update Manager Intel Corporation 9/12/2014 22.6 MB 2.3.1338
Internet Download Manager Tonec Inc. 8/7/2016
iTunes Apple Inc. 1/20/2016 215 MB 12.3.2.35
Java 8 Update 25 Oracle Corporation 11/14/2014 73.3 MB 8.0.250
Kerio Control VPN Client Kerio Technologies Inc. 1/15/2016 20.4 MB 8.6.3847
Khan Academy Khan Academy 9/6/2014 1.4.0.0
Kindle AMZN Mobile LLC 6/21/2015 2.1.0.2
KMSpico v9.2.3 5/28/2014 19.0 MB 9.2.3
Logitech Harmony Remote Software 7 Logitech 10/13/2014 7.7.0.0
MakeMKV v1.9.8 GuinpinSoft inc 1/11/2016 v1.9.8
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 9/3/2016 66.9 MB 2.2.1.1043
Maps Microsoft Corporation 9/12/2014 2.1.3230.2048
McAfee Security Scan Plus McAfee, Inc. 10/29/2015 10.2 MB 3.11.163.2
Microsoft Office Professional Plus 2013 Microsoft Corporation 7/2/2014 15.0.4569.1506
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/3/2014 4.84 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 7/3/2014 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 5/5/2015 10.7 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 7/3/2014 13.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 7/14/2014 11.5 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9/6/2014 8.20 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/3/2014 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/14/2014 8.78 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/14/2015 10.0.50903
MKVToolNix 6.8.0 (64bit) Moritz Bunkus 7/3/2014 6.8.0
Mozilla Firefox 47.0.1 (x86 en-US) Mozilla 8/24/2016 94.4 MB 47.0.1
Mozilla Maintenance Service Mozilla 8/24/2016 225 KB 47.0.1.6018
MSN Food & Drink Microsoft Corporation 7/20/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 7/20/2015 3.0.4.336
MSN Travel Microsoft Corporation 7/20/2015 3.0.4.336
Myibidder Auction Bid Sniper for eBay 1.1.4 Myibidder.com 3/25/2015 38.6 MB 1.1.4 (Build 551)
NetTraffic VENEA.NET 11/15/2014 1.26.1.0
NOOK – Books, Magazines, Newspapers, Comics Barnes & Noble 8/11/2016 1.10.0.144
NVIDIA Graphics Driver 327.62 NVIDIA Corporation 7/15/2014 327.62
NVIDIA PhysX System Software 9.13.0725 NVIDIA Corporation 5/28/2014 9.13.0725
Photo to Cartoon Caricature Software 7/11/2014 7.66 MB 1.0.0
QuickTime 7 Apple Inc. 1/21/2015 70.2 MB 7.76.80.95
RAR File Open Knife - Free Opener Philipp Winterberg 7/26/2014 3.50
Reader Microsoft Corporation 8/13/2016 6.4.9926.18431
RealPlayer Cloud RealNetworks 7/3/2014 91.7 MB 17.0.6
Remote Control USB Driver 10/13/2014 2.3.2.317
Revo Uninstaller Pro 3.0.8 (32-bit|64-bit) Parand ® Software Group 7/13/2014 30.7 MB 3.0.8
Soda PDF 3D Reader LULU Software 4/16/2015 1.0.28.22657
Sonos Controller Sonos, Inc. 12/4/2014 32.3 MB 28.1.83040
Start Menu 8 IObit 2/19/2016 36.3 MB 3.0.0.1
Subtitle Edit 3.4.6 Nikse 7/14/2016 18.2 MB 3.4.6.544
TAP-Windows 9.9.2 8/26/2015 9.9.2
TeamViewer 9 TeamViewer 7/3/2014 9.0.27339
Telegram Desktop version 0.10.1 Telegram Messenger LLP 8/16/2016 28.2 MB 0.10.1
The Complete Genealogy Products Nigel Bufton Software 7/3/2014 43.0 MB Version 2013
theRenamer 7.69 theRenamer 1/8/2016 4.90 MB
TuneIn Radio TuneIn 8/23/2014 1.1.0.0
Video Microsoft Corporation 11/6/2015 2.6.446.0
VLC media player 2.1.4 VideoLAN 7/10/2014 2.1.4
Windows Driver Package - LASAK UK LTD HDCS (29/9/2010 1.0.25.1) LASAK UK LTD 2/5/2016 29/9/2010 1.0.25.1
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) Lenovo 5/28/2014 02/17/2013 9.52.0.776
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) Lenovo 5/28/2014 06/19/2012 10.13.29.733
Windows Help+Tips Microsoft Corporation 8/8/2014 6.3.9654.20559
Windows Reading List Microsoft Corporation 6/18/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 11/12/2014 6.3.9654.17133
WinRAR 5.11 (64-bit) win.rar GmbH 9/2/2014 5.11.0
XML Notepad 2007 Microsoft Corporation 7/2/2014 2.04 MB 2.3.0.0
YouTube Downloader Now DevPro.Online 8/23/2014 1.0.0.38
µTorrent BitTorrent Inc. 8/11/2016 3.4.8.42449


#14 buddy215

  • Moderator

Posted 20 September 2016 - 08:27 AM

Delete These Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task AutoPico Daily Restart @ByELDI "C:\Program Files\KMSpico\AutoPico.exe" /silent
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d067286bd6848b Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d08ef97bf4effe Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d0bf5f319f05cf Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2127654969-188385897-2691937534-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-2127654969-188385897-2691937534-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task {BAEBE5C3-64AE-497D-8379-2EBF9DDFA3A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\MSP\AppData\Roaming\v9\UninstallManager.exe -c  -ptid=cor
Yes Task {CBE6DDCA-3AD9-4A00-9881-BCF2682320F8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6\Crack.exe" -d "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6"
 
Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run IDMan Tonec Inc. E:\Programs\Internet Download Manager\IDMan.exe /onboot
Yes HKCU:Run NetTraffic VENEA.NET C:\Program Files (x86)\NetTraffic\NetTraffic.exe
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\MSP\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files (x86)\McAfee Security Scan\3.11.163\SSScheduler.exe
Yes Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
 
Old Adobe programs are malware magnets....uninstall or update the below Adobe programs.
Adobe Acrobat XI Pro Adobe Systems 7/2/2014 2.76 GB 11.0.06
Adobe AIR Adobe Systems Incorporated 7/3/2014 3.1.0.4880
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2/15/2016 18.1 MB 20.0.0.306
Adobe Help Manager Adobe Systems Incorporated 7/3/2014 4.0.244
Adobe Widget Browser Adobe Systems Incorporated. 7/3/2014 2.0 Build 348
 
Uninstall these programs:
Internet Download Manager Tonec Inc. 8/7/2016
Java 8 Update 25 Oracle Corporation 11/14/2014 73.3 MB 8.0.250
KMSpico v9.2.3 5/28/2014 19.0 MB 9.2.3
McAfee Security Scan Plus McAfee, Inc. 10/29/2015 10.2 MB 3.11.163.2
QuickTime 7 Apple Inc. 1/21/2015 70.2 MB 7.76.80.95
RealPlayer Cloud RealNetworks 7/3/2014 91.7 MB 17.0.6
Start Menu 8 IObit 2/19/2016 36.3 MB 3.0.0.1
µTorrent BitTorrent Inc. 8/11/2016 3.4.8.42449 (VERY risky to use to download free stuff...often illegal, too.)

Update:
Mozilla Firefox 47.0.1 (x86 en-US) Mozilla 8/24/2016 94.4 MB 47.0.1
Mozilla Maintenance Service Mozilla 8/24/2016 225 KB 47.0.1.6018

Please let me know how the computer is performing after doing the above and rebooting.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
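
Added example (not part of the original posts, and not code from CCleaner or AdwCleaner): a short Python pass over the two pasted logs in this thread that flags exported startup or task entries whose real target sits behind `pcalua.exe -a`, or whose target lies in a folder the AdwCleaner log reports as deleted. The sample lines are copied from the logs above; the function names and flag labels are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a subset of lines copied from the AdwCleaner log and the
# CCleaner export posted in this thread, embedded so the script runs offline.
ADWCLEANER_LOG = r"""
[-] Folder deleted: C:\Users\MSP\AppData\Roaming\v9
[-] Folder deleted: C:\Program Files (x86)\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[-] File deleted: C:\Users\Public\Desktop\Babylon.lnk
"""

CCLEANER_EXPORT = r"""
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task {BAEBE5C3-64AE-497D-8379-2EBF9DDFA3A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\MSP\AppData\Roaming\v9\UninstallManager.exe -c  -ptid=cor
Yes Task {CBE6DDCA-3AD9-4A00-9881-BCF2682320F8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6\Crack.exe" -d "D:\PDF Utilities\Adobe Acrobat XI Pro 11.0.6"
Yes HKLM:Run egui ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"""

# A quoted Windows path, or an unquoted one that ends at the first ".exe".
# The export is flattened text, so the columns before the command are not parsed.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^"]*?\.exe)\b', re.I)

FOLDER_RE = re.compile(r"^\[[-#]\] Folder deleted(?: on reboot)?: (.+)$", re.M)


def deleted_folders(log):
    """Folders the AdwCleaner log reports as deleted (now or on reboot), lowercased."""
    return [m.group(1).strip().lower() for m in FOLDER_RE.finditer(log)]


def command_paths(line):
    """All Windows paths found in one exported entry, in order of appearance."""
    return [m.group(1) or m.group(2) for m in PATH_RE.finditer(line)]


def inside(path, folders):
    """True if path is one of the folders or lies below one of them."""
    p = path.lower()
    return any(p == f or p.startswith(f + "\\") for f in folders)


def triage(export, log):
    """Return entries worth a second look, with the reason for each."""
    folders = deleted_folders(log)
    findings = []
    for line in export.splitlines():
        paths = command_paths(line)
        if not paths:
            continue
        target = paths[0]
        flags = []
        # pcalua.exe is the Program Compatibility Assistant launcher; with -a it
        # starts the program named next, so the publisher shown for the entry
        # (Microsoft Corporation) describes the wrapper, not what actually runs.
        wrapped = (
            PureWindowsPath(paths[0]).name.lower() == "pcalua.exe"
            and len(paths) > 1
            and re.search(r"\s-a\s", line)
        )
        if wrapped:
            target = paths[1]
            flags.append("wrapped-by-pcalua")
        # The cleanup removed the folder but the autorun entry still points into it.
        if inside(target, folders):
            flags.append("target-in-deleted-folder")
        if flags:
            findings.append({"target": target, "flags": flags, "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(CCLEANER_EXPORT, ADWCLEANER_LOG):
        print(", ".join(f["flags"]), "->", f["target"])
```
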

#15 Littleleo37

  • Topic Starter

Posted 20 September 2016 - 09:22 AM





Dear buddy, Bad Image pop ups haven't appeared so far. The laptop is connected to the internet and it has signal, but none of the browsers work (message: there is no internet connection. Your computer is offline).
Regards



