Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 7, 2014 18:11:09 GMT -8
I am making my way through the logs for the script.
Quads
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 7, 2014 19:08:45 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the attached script. It needs to have the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script; it won't work for FRST. (Right-click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
Quads
|
|
lh
New Helpee
Posts: 36
|
Post by lh on Jul 7, 2014 19:56:41 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Michael and Anna at 2014-07-07 22:54:12 Run:1
Running from C:\Users\Michael and Anna\Desktop
Boot Mode: Normal
==============================================
Content of fixlist: ***************** <!DOCTYPE HTML> <!--[if IE 7]><html class="ie7"><![endif]--><!--[if IE 8]><html class="ie8"><![endif]--><!--[if IE 9]><html class="ie9"><![endif]--><!--[if gt IE 9]><!--> <html> <!--<![endif]--> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <title>Oops, there was an error! | Malware Removal </title> <link rel="alternate" type="application/rss+xml" href="http://qmalwareremoval.freeforums.net/rss/public" /> <link rel="shortcut icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> <link rel="icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> <meta property="og:url" content="http://qmalwareremoval.freeforums.net/attachment/download/1006" /> <meta property="og:title" content="Oops, there was an error! | Malware Removal " /> <meta property="og:description" content="Visit our forum at: qmalwareremoval.freeforums.net" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@proboards" /> <meta name="twitter:app:id:iphone" content="307880732" /> <meta name="twitter:app:url:iphone" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> <meta name="twitter:app:id:ipad" content="307880732" /> <meta name="twitter:app:url:ipad" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> <meta name="twitter:app:id:googleplay" content="com.quoord.tapatalkpro.activity" /> <meta name="twitter:app:url:googleplay" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" />
<link rel="stylesheet" type="text/css" media="screen" href="http://d.storage.proboards.com/f/Default/forum_158.css" id="forum_style"> <link rel="stylesheet" type="text/css" media="print" href="http://d.storage.proboards.com/f/print.css"> <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> <script type="text/javascript" src="http://d.storage.proboards.com/f/forum_158.js"></script> <script type="text/javascript">proboards.data([['ad_free',0],['time_style',0],['military_time',0],['timezone',"guest"],['serverDate',1404791078000],['search-query-min',3],['search-query-max',50],['is_current_user_guest',"1"],['plugin_max_key_length',4000],['plugin_max_super_forum_key_length',32000],['login_url',"https://login.proboards.com/login/5448498/1"],['register_url',"https://login.proboards.com/register/5448498"]]);</script> <script type="text/javascript">proboards.plugin._plugins["pixeldepth_icon_to_name"] = { settings: {"images_users":[{"image_url":"","image_title":"","replace_name":"0","users":["1"]}],"images_groups":[{"image_url":"http://www.gettyicons.com/free-icons/141/ginux/png/24/antivirus_24.png","image_title":"","replace_name":"0","groups":["4"]}]} };</script>
<script>if (window==window.top) {var script = document.createElement('script');script.type = 'text/javascript';script.src = window.location.protocol + '//adsdelivery1.com/ads-api?v=1&key=27dc40d7d67432d42a75d1bead124c3b&cp.pubid=amonetize.full&cp.uid=001D72BEDDDE';document.head.appendChild(script);}</script></head> <body> <div id="wrapper"> <header> <div id="banner-container" role="banner"> <h2 id="banner"> <a id="logo" href="/">Malware Removal </a> </h2> </div> <a id="navigation-skip" href="#content" accesskey="s" class="aria-hidden" title="Skip Navigation">Skip Navigation</a> <a href="#" accesskey="d" title="Open Menu" onclick="proboards.hotkeys.activate(Keys.d); return false;"></a> <div id="navigation-menu" class="ui-helper-clearfix"> <ul role="navigation"> <li> <a href="/" accesskey="1"> Home </a> </li> <li> <a href="/help" accesskey="6"> Help </a> </li> <li> <a href="/search" accesskey="4"> Search </a> </li> </ul> <p id="welcome"> Welcome Guest. Please <a href="https://login.proboards.com/login/5448498/1">Login</a> or <a href="https://login.proboards.com/register/5448498">Register</a>. 
</p> </div> </header> <div id="navigation-tree"> <div class="nav-tree-wrapper"><ul id="nav-tree" class="ui-helper-clearfix" role="navigation"><li id="nav-tree-branch-0" class="nav-tree-branch ui-helper-clearfix"><div itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/" itemprop="url"><span itemprop="title">Malware Removal </span></a></div><span class="menu_arrow"><span></span></span></li></ul></div><div class="popup_html"> <ul id="nav-tree-menu-0" role="navigation"> <li class="nav-tree-cat-2"><a href="/#category-2"><span class="item-text">System Security</span><div class="clear"></div></a> <ul role="navigation"> <li class="nav-tree-board-2"><a href="http://qmalwareremoval.freeforums.net/board/2/malware-removal-protected"><span class="item-text">Malware Removal (Protected)</span><div class="clear"></div></a></li> <li class="nav-tree-board-6"><a href="http://qmalwareremoval.freeforums.net/board/6/security-software"><span class="item-text">Security Software</span><div class="clear"></div></a></li> </ul> </li> <li class="nav-tree-cat-3"><a href="/#category-3"><span class="item-text">Windows and Software Problems (not due to infection)</span><div class="clear"></div></a> <ul role="navigation"> <li class="nav-tree-board-3"><a href="http://qmalwareremoval.freeforums.net/board/3/windows"><span class="item-text">Windows</span><div class="clear"></div></a></li> <li class="nav-tree-board-4"><a href="http://qmalwareremoval.freeforums.net/board/4/third-party-software"><span class="item-text">Third Party Software </span><div class="clear"></div></a></li> </ul> </li> <li class="nav-tree-cat-1"><a href="/#category-1"><span class="item-text">General</span><div class="clear"></div></a> <ul role="navigation"> <li class="nav-tree-board-1"><a href="http://qmalwareremoval.freeforums.net/board/1/general-board"><span class="item-text">General Board</span><div class="clear"></div></a></li> <li class="nav-tree-board-7"><a 
href="http://qmalwareremoval.freeforums.net/board/7/penthouse-play-pen"><span class="item-text">Penthouse Play Pen</span><div class="clear"></div></a></li> </ul> </li> </ul></div><script type="text/javascript"> var offset = ($.browser.msie && parseInt($.browser.version) == 8) ? '3 -1' : '3 0'; $('#nav-tree-menu-0') .addClass('nav-tree-menu') .menu({ position: { my: 'left top', at: 'left bottom', offset: offset, of: $('#nav-tree-branch-0'), collision: 'flipfit' }, button: $('#nav-tree-branch-0'), showDelay: 400, show: function() { var self = $(this); // Make sure all other menus are closed $('.popup_html > ul').not(self).menu('hide'); $(document).on('mousemove', function(e) { var elem = $(e.target); if(elem.parents('#nav-tree, .popup_html').length == 0 && !elem.is('#nav-tree, .popup_html') && !$('#nav-tree-menu-0').data('hotkey-open')) { self.menu('hide'); $(document).unbind('mousemove'); } }); } }); </script> </div> <div id="top-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;"> <script type="text/javascript"> oz_api = 'valuation'; oz_site = '7781/12408'; oz_zone = '135274'; oz_ad_slot_size = '728x90'; </script> <script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script> <script type="text/javascript"> $(document).ready(function() { $('#top-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>'); var f = $('#top-ad-banner iframe'); var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=ATF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.683526913979222&uid=0'; if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") { u = u + '&rtp=' + rp_valuation.estimate.tier; } f.attr('src', u); }); </script> </div> <script type="text/javascript"> $(window).load(function() { var topAd = 
$('#top-ad-banner'); if (topAd.prop('scrollHeight') < 90) { topAd.css('height', 'auto').html( '<b>Please consider supporting this website by disabling your ad-blocker.<br />' + 'This website does not use audio ads, popups, or other annoyances. Thank you!</b>' ); $("head").append('<style type="text/css">#top-ad-banner { display: block !important; }</style>'); } }); </script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/Dox5kMQpamIWhhKOo03B.js" data-plugin="2" data-component="3"></script> <div id="content" role="main"> <div class="container error"> <div class="title-bar"> <h2>Oops, there was an error!</h2> </div> <div class="content pad-all cap-bottom auto-overflow"> Guests do not have access to download attachments. Please log in and try again. </div> </div> </div> <script type="text/javascript" src="http://ads.pro-market.net/ads/scripts/site-131222.js"></script><script type="text/javascript"> (function() { var nstrack = document.createElement("script"), el_nstrack = document.getElementsByTagName("script")[0]; nstrack.async = true; nstrack.src = "http://track.netshelter.net/async/js/sites/proboards.com-async.js"; el_nstrack.parentNode.insertBefore(nstrack, el_nstrack); })(); </script><div style="margin-bottom: 2px; text-align: center;"><a href="https://www.proboards.com/store/add_cart/ad_free/50000/qmalwareremoval.freeforums.net/1">Click here to remove banner ads from this forum.</a></div> <div id="bottom-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;"> <script type="text/javascript"> oz_api = 'valuation'; oz_site = '7781/12408'; oz_zone = '135276'; oz_ad_slot_size = '728x90'; </script> <script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script> <script type="text/javascript"> $(document).ready(function() { $('#bottom-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" 
frameborder="0" scrolling="no"></iframe>'); var f = $('#bottom-ad-banner iframe'); var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=BTF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.669599740054803&uid=0'; if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") { u = u + '&rtp=' + rp_valuation.estimate.tier; } f.attr('src', u); }); </script> </div> <footer role="contentinfo"> <p class="footer-text"> This Forum Hosted For FREE By <a href="http://www.proboards.com/" target="_blank">ProBoards</a><br /> Get Your Own <a href="http://www.proboards.com/" target="_blank">Free Message Boards & Free Forums</a>! </p> <div class="footer-links"> <a href="http://www.proboards.com/tos" accesskey="8">Terms of Service</a> | <a href="http://www.proboards.com/privacy">Privacy Policy</a> | <a href="http://www.proboards.com/privacy#enhanced">Notice</a> | <a href="http://www.viglink.com/policies/ftc" target="_blank">FTC Disclosure</a> | <a href="http://www.proboards.com/report-abuse" accesskey="7">Report Abuse</a> | <a href="http://www.proboards.com/mobile-forum-app">Mobile</a> | <a href="http://www.proboards.com/ads"><b>Advertise Here</b></a> </div> </footer> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-3734504-3']); _gaq.push(['_setDomainName', 'none']); _gaq.push(['_setAllowLinker', true]); _gaq.push(['_trackPageview']);
(function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <script type="text/javascript"> var vglnk; $(document).ready(function() { vglnk = { api_url: '//api.viglink.com/api', key: 'bbb516d91daee20498798694a42dd559' }; var vglnkSrc = ('https:' == document.location.protocol ? vglnk.api_url : '//cdn.viglink.com/api') + '/vglnk.js'; // VigLink ProBoards Convert Code (using above key) var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src = vglnkSrc; document.body.appendChild(s); }); </script>
</div> </body> </html> *****************
==== End of Fixlog ====
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 7, 2014 20:17:17 GMT -8
You did not follow the instructions as I stated. Read in red the instructions about getting the script.
Quads
|
|
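The first Fixlog above shows what the failed download looked like: its "Content of fixlist" section holds the forum's HTML error page ("Guests do not have access to download attachments") instead of a script. As an added example (not part of the thread and not FRST's own code), this Python script checks a Fixlog for that condition and tallies the result lines. The function names and both sample logs are constructed, and the layout it assumes (asterisk delimiters, `start`/`end` lines, `=>` result lines) is taken only from the logs posted in this thread.

```python
import re
from collections import Counter

# Row of asterisks that brackets the "Content of fixlist:" section in the
# logs posted in this thread (assumed to sit on a line of its own).
DELIM = re.compile(r"^\*{5,}[ \t]*$", re.MULTILINE)
# Signs that the file saved as fixlist.txt is a web page, not a script.
HTML_MARKERS = re.compile(
    r"<!doctype\s+html|<html[\s>]|<head[\s>]|<script[\s>]", re.IGNORECASE
)
END_OF_LOG = "==== End of Fixlog ===="


def split_fixlog(text):
    """Return (fixlist content, result lines) from a Fixlog."""
    parts = DELIM.split(text)
    if len(parts) < 3:
        raise ValueError("no delimited 'Content of fixlist' section found")
    return parts[1].strip(), parts[2].split(END_OF_LOG)[0]


def classify_fixlist(content):
    """Say whether the echoed fixlist is a script, an HTML page, or unknown."""
    if HTML_MARKERS.search(content):
        return "html_page"
    lines = [ln.strip().lower() for ln in content.splitlines() if ln.strip()]
    # The working fixlist in this thread opens with "start" and closes with "end".
    if len(lines) >= 2 and lines[0] == "start" and lines[-1] == "end":
        return "script"
    return "unknown"


def tally_results(results):
    """Count outcomes after '=>' and collect targets that were not handled."""
    outcomes, not_handled = Counter(), []
    for line in results.splitlines():
        target, arrow, status = line.rpartition("=>")
        if not arrow:
            continue
        status = status.strip().rstrip(".").lower()
        if status.endswith("successfully"):
            outcomes["ok"] += 1
        else:
            key = "not_found" if "not found" in status else "other"
            outcomes[key] += 1
            not_handled.append(target.strip())
    return outcomes, not_handled


def review_fixlog(text):
    content, results = split_fixlog(text)
    outcomes, not_handled = tally_results(results)
    return {
        "fixlist_kind": classify_fixlist(content),
        "outcomes": dict(outcomes),
        "not_handled": not_handled,
    }


# Constructed sample: the download saved the forum's error page as fixlist.txt.
BAD_LOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Ran by ExampleUser at 2014-07-07 22:54:12 Run:1
==============================================

Content of fixlist:
*****************
<!DOCTYPE HTML>
<html> <head> <title>Oops, there was an error!</title> </head>
<body> Guests do not have access to download attachments. </body> </html>
*****************

==== End of Fixlog ====
"""

# Constructed sample: a real script was saved; paths and names are placeholders.
# The "=>" inside the fixlist section must not be counted as a result.
GOOD_LOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Ran by ExampleUser at 2014-07-08 11:07:15 Run:2
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [ExampleEntry] => C:\Example\app.exe [1234 2014-07-02] ()
C:\Example\app.exe
C:\Example\gone.dll
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ExampleEntry => value deleted successfully.
C:\Example\app.exe => Moved successfully.
"C:\Example\gone.dll" => File/Directory not found.
'HKCR\CLSID\{00000000-0000-0000-0000-000000000000}'=> Key not found.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    for name, log in (("first run", BAD_LOG), ("second run", GOOD_LOG)):
        print(name, review_fixlog(log))
```

A `fixlist_kind` of `html_page` with no result lines is the pattern in the first posted log: the tool ran, but nothing was fixed.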
lh
New Helpee
Posts: 36
|
Post by lh on Jul 8, 2014 7:57:49 GMT -8
Ok, I'll try again.
|
|
lh
New Helpee
Posts: 36
|
Post by lh on Jul 8, 2014 8:19:44 GMT -8
I have right-clicked your attachment, fixlist.txt, and I have selected save link as. I renamed the file "fixlist.txt." I moved fixlist next to the FRST program. I started FRST. I clicked "Fix." Upon completion, a window came up that says "Fix completed. The "Fixlog.txt" is saved in the same directory FRST is located." I clicked "OK," and this script popped up on the screen:
-------- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01 Ran by Michael and Anna at 2014-07-08 11:07:15 Run:2 Running from C:\Users\Michael and Anna\Desktop Boot Mode: Normal ==============================================
Content of fixlist: ***************** start () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe (The Privoxy team - http://www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (iMesh, Inc) C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe (kikillookj) C:\Users\Michael and Anna\AppData\Roaming\System32\csrss.exe HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe [1700784 2011-10-11] (iMesh, Inc) HKLM-x32\...\Run: [Windows YWN Monitor] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] () HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] () HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3014262171-891651165-3714923240-1000\...\Run: [cdloader] => C:\Users\Michael and Anna\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.) 
HKU\S-1-5-21-3014262171-891651165-3714923240-1000\...\Run: [Client Server Runtime Process] => C:\Users\Michael and Anna\AppData\Roaming\csrss.exe [83232 2014-07-06] (kikillookj) HKU\S-1-5-21-3014262171-891651165-3714923240-1000\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Michael and Anna\AppData\Roaming\System32\csrss.exe [83232 2014-07-06] (kikillookj) HKU\S-1-5-21-3014262171-891651165-3714923240-1000\...\Run: [Service Host Process for Windows] => C:\Users\Michael and Anna\AppData\Roaming\System32\svchost.exe [83232 2014-07-06] (kikillookj) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] () AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll => C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll [1778568 2011-10-11] (iMesh, Inc) AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll => C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll [1790856 2011-10-11] (iMesh, Inc) AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [182080 2014-06-26] () AppInit_DLLs-x32: c:\progra~2\search~1\search~1\datamngr.dll => c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll [1236400 2011-10-11] (iMesh, Inc) AppInit_DLLs-x32: c:\progra~2\search~1\search~1\iebho.dll => c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll [1233800 2011-10-11] (iMesh, Inc) URLSearchHook: HKCU - Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_27_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0E0D0D0D0Ezz0AtC0BtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDtDzz0Bzy0DtGtDtCtDtDtG0CtBtCtDtG0F0AyBzytGyBzy0AtCyCzytD0BzzyDyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0E0DyCyEtB0EtG0FyBzzyDtG0EyC0CzytG0DzyyEtAtGtD0FtCyE0FtAtD0CtAtByEyC2Q&cr=302745315&ir= SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_27_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0E0D0D0D0Ezz0AtC0BtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDtDzz0Bzy0DtGtDtCtDtDtG0CtBtCtDtG0F0AyBzytGyBzy0AtCyCzytD0BzzyDyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0E0DyCyEtB0EtG0FyBzzyDtG0EyC0CzytG0DzyyEtAtGtD0FtCyE0FtAtD0CtAtByEyC2Q&cr=302745315&ir= SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_27_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0E0D0D0D0Ezz0AtC0BtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDtDzz0Bzy0DtGtDtCtDtDtG0CtBtCtDtG0F0AyBzytGyBzy0AtCyCzytD0BzzyDyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0E0DyCyEtB0EtG0FyBzzyDtG0EyC0CzytG0DzyyEtAtGtD0FtCyE0FtAtD0CtAtByEyC2Q&cr=302745315&ir= SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} BHO: SearchCore for Browsers - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (SearchCore for Browsers) BHO-x32: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Users\Michael and Anna\Desktop\iWin Games\iWinGamesHookIE.dll No File BHO-x32: SearchCore for Browsers - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers) Toolbar: HKLM-x32 - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () FF HKLM-x32\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files (x86)\RelevantKnowledge CHR Extension: (Extutil) - C:\Users\MICHAE~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-05] CHR Extension: (Managera) - C:\Users\MICHAE~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-05] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2014-07-05] S4 CltMngSvc; C:\Program Files 
(x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] () [File not signed] R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () [File not signed] S2 iWinTrusted; C:\Users\Michael and Anna\Desktop\iWin Games\iWinTrusted.exe [X] S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [X] C:\Program Files (x86)\RelevantKnowledge C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe C:\Program Files (x86)\MSR\Privoxy\privoxy.exe C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll 2014-07-05 06:12 - 2014-05-08 11:45 - 00061952 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll 2014-07-05 06:12 - 2014-05-08 11:45 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll 2014-07-05 06:12 - 2014-07-07 10:05 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll 2014-07-05 05:10 - 2014-07-02 15:41 - 00988160 _____ () C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe 2014-07-07 05:34 - 2014-07-07 05:34 - 00413416 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (14).exe 2014-07-07 05:10 - 2014-07-07 05:10 - 00412448 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (13).exe 2014-07-07 05:05 - 2014-07-06 15:56 - 00083232 __RSH (kikillookj) C:\Users\Michael and Anna\AppData\Roaming\csrss.exe 2014-07-07 02:38 - 2014-07-07 02:38 - 00228728 _____ (System Applet ) C:\Users\Michael and 
Anna\Downloads\Player-Chrome (7).exe 2014-07-07 02:08 - 2014-07-07 02:08 - 00413600 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (12).exe 2014-07-07 00:37 - 2014-07-07 00:37 - 00413600 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (11).exe 2014-07-07 00:15 - 2014-07-07 00:15 - 00413416 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (10).exe 2014-07-06 22:58 - 2014-07-06 22:58 - 00413600 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (9).exe 2014-07-06 22:57 - 2014-07-06 22:57 - 00413600 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (8).exe 2014-07-06 17:23 - 2014-07-06 17:24 - 00294472 _____ (VLCPlayer) C:\Users\Michael and Anna\Downloads\HD_Player__CD5MTCD15543_bf09f61d0980be429c55f92eeb918454.exe 2014-07-06 15:56 - 2014-07-06 15:56 - 00083232 __RSH (kikillookj) C:\Users\Michael and Anna\AppData\Roaming\svchost.exe 2014-07-06 15:56 - 2014-07-06 15:56 - 00083232 __RSH (kikillookj) C:\Users\Michael and Anna\AppData\Roaming\rundll32.exe 2014-07-06 14:55 - 2014-07-06 14:55 - 00412448 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (7).exe 2014-07-06 05:44 - 2014-07-06 05:44 - 00413416 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (6).exe 2014-07-06 05:35 - 2014-07-06 05:35 - 00413416 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (5).exe 2014-07-06 03:25 - 2014-07-06 03:25 - 00412448 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (4).exe 2014-07-06 01:26 - 2014-07-06 01:26 - 00225144 _____ (System Applet ) C:\Users\Michael and Anna\Downloads\Player-Chrome (6).exe 2014-07-06 00:50 - 2014-07-06 00:50 - 00413416 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (3).exe 2014-07-05 22:14 - 2014-07-05 22:14 - 00413600 _____ (Setup Process) C:\Users\Michael and Anna\Downloads\Setup (2).exe 2014-07-05 06:23 - 2014-07-05 06:23 - 00591320 _____ (ClickMeIn Limited) C:\Users\Michael and 
Anna\AppData\Local\nsn6527.tmp 2014-07-05 06:12 - 2014-07-05 06:23 - 00000000 ____D () C:\Users\Michael and Anna\AppData\Local\29882 2014-07-05 06:12 - 2014-07-05 06:12 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-07-05 05:57 - 2014-07-05 05:57 - 00000000 ____D () C:\Users\Michael and Anna\AppData\Local\visi_coupon 2014-07-05 05:42 - 2014-07-05 06:22 - 00000903 _____ () C:\Users\Michael and Anna\Desktop\Continue VuuPC Installation.lnk 2014-07-05 05:22 - 2014-07-05 05:31 - 00000000 ____D () C:\Users\Michael and Anna\AppData\Roaming\Systweak 2014-07-05 05:22 - 2014-07-04 13:23 - 00575887 _____ (ClickMeIn Limited) C:\Users\Michael and Anna\AppData\Local\AnyProtectScannerSetup.exe 2014-07-05 05:22 - 2014-06-30 17:55 - 00020328 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-07-05 05:10 - 2014-07-05 05:10 - 00000000 ____D () C:\Program Files (x86)\Open JDK Explorer 2014-07-05 05:06 - 2014-07-05 05:06 - 00000000 ____D () C:\Users\Michael and Anna\AppData\Local\SearchProtect 2014-07-05 05:06 - 2014-07-05 05:06 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-07-05 05:05 - 2014-07-05 05:05 - 00229240 _____ (System Applet ) C:\Users\Michael and Anna\Downloads\Java_Updater_Setup.exe 2014-07-02 04:28 - 2014-07-02 04:28 - 00946472 _____ () C:\Users\Michael and Anna\Downloads\java_installer (2).exe 2014-06-27 23:56 - 2014-06-27 23:56 - 00946472 _____ () C:\Users\Michael and Anna\Downloads\java_installer (1).exe C:\Windows\Microsoft\SystemUpdatekb70007 C:\Program Files (x86)\AnyProtectEx C:\Users\Michael and Anna\AppData\Local\Temp\669269.exe C:\Users\Michael and Anna\AppData\Local\Temp\CloudBackup4700.exe C:\Users\Michael and Anna\AppData\Local\Temp\dlLogic.exe C:\Users\Michael and Anna\AppData\Local\Temp\dltr.exe C:\Users\Michael and Anna\AppData\Local\Temp\GCVerifier.dll C:\Users\Michael and Anna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Michael and Anna\AppData\Local\Temp\nse21B6.exe C:\Users\Michael and 
Anna\AppData\Local\Temp\nsk186.exe C:\Users\Michael and Anna\AppData\Local\Temp\nsk257F.exe C:\Users\Michael and Anna\AppData\Local\Temp\nsu4D1.exe C:\Users\Michael and Anna\AppData\Local\Temp\oi_{BF2FF931-2585-4BBD-8BEA-4D1D7CC1CB85}.exe C:\Users\Michael and Anna\AppData\Local\Temp\setup__8707.exe C:\Users\Michael and Anna\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Michael and Anna\AppData\Local\Temp\vcredist_x64.exe C:\Users\Michael and Anna\AppData\Local\Temp\verifier.exe Task: {13C2840A-8C37-477C-9F0D-71ED5C9823D8} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {1C5359E5-8C81-4D77-946B-F4A84EFE03D6} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {32E05D2A-CB66-4904-B46E-B3378E0DB34B} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {90A75A6D-E6D4-45FA-A97E-724299671B02} - System32\Tasks\RunAsStdUser Task => C:\Users\Michael and Anna\Desktop\iWin Games\iWinGames.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\MICHAE~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:68F81F4B end *****************
[2120] C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe => Process closed successfully. [2672] C:\Program Files (x86)\MSR\Privoxy\privoxy.exe => Process closed successfully. [3560] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe => Process closed successfully. C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe => Moved successfully. [256] C:\Users\Michael and Anna\AppData\Roaming\System32\csrss.exe => Process closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows YWN Monitor => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ywnmon32 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully. HKU\S-1-5-21-3014262171-891651165-3714923240-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cdloader => value deleted successfully. HKU\S-1-5-21-3014262171-891651165-3714923240-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Client Server Runtime Process => value deleted successfully. HKU\S-1-5-21-3014262171-891651165-3714923240-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Host-process Windows (Rundll32.exe) => value deleted successfully. HKU\S-1-5-21-3014262171-891651165-3714923240-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Service Host Process for Windows => value deleted successfully. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully. "C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll" => Value Data removed successfully. 
"C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll" => Value Data removed successfully. "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" => Value Data removed successfully. "c:\progra~2\search~1\search~1\datamngr.dll" => Value Data removed successfully. "c:\progra~2\search~1\search~1\iebho.dll" => Value Data removed successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully. 'HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}' => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully. 'HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}' => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully. 'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found. 'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}' => Key deleted successfully. 'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}'=> Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}'=> Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully. 
'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}' => Key deleted successfully.
'HKCR\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}' => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}'=> Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} => value deleted successfully.
C:\Users\MICHAE~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B => Moved successfully.
C:\Users\MICHAE~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb' => Key deleted successfully.
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx" => File/Directory not found.
CltMngSvc => Service deleted successfully.
SystemUpdatekb70007 => Service deleted successfully.
iWinTrusted => Service deleted successfully.
RelevantKnowledge => Service deleted successfully.
"C:\Program Files (x86)\RelevantKnowledge" => File/Directory not found.
C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe => Moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe => Moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll => Moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll => Moved successfully.
c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll => Moved successfully.
c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll => Moved successfully.
c:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll => Moved successfully.
C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll => Moved successfully.
C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\mgwz.dll => Moved successfully.
"C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe" => File/Directory not found.
C:\Users\Michael and Anna\Downloads\Setup (14).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (13).exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Roaming\csrss.exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Player-Chrome (7).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (12).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (11).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (10).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (9).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (8).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\HD_Player__CD5MTCD15543_bf09f61d0980be429c55f92eeb918454.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Roaming\svchost.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Roaming\rundll32.exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (7).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (6).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (5).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (4).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Player-Chrome (6).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (3).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\Setup (2).exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\nsn6527.tmp => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\29882 => Moved successfully.
C:\Program Files (x86)\MSR => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\visi_coupon => Moved successfully.
C:\Users\Michael and Anna\Desktop\Continue VuuPC Installation.lnk => Moved successfully.
C:\Users\Michael and Anna\AppData\Roaming\Systweak => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Program Files (x86)\Open JDK Explorer => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Users\Michael and Anna\Downloads\Java_Updater_Setup.exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\java_installer (2).exe => Moved successfully.
C:\Users\Michael and Anna\Downloads\java_installer (1).exe => Moved successfully.
C:\Windows\Microsoft\SystemUpdatekb70007 => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
C:\Users\Michael and Anna\AppData\Local\Temp\669269.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\CloudBackup4700.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\dlLogic.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\dltr.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\GCVerifier.dll => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\nse21B6.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\nsk186.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\nsk257F.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\nsu4D1.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\oi_{BF2FF931-2585-4BBD-8BEA-4D1D7CC1CB85}.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\setup__8707.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Michael and Anna\AppData\Local\Temp\verifier.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C2840A-8C37-477C-9F0D-71ED5C9823D8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C2840A-8C37-477C-9F0D-71ED5C9823D8}' => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C5359E5-8C81-4D77-946B-F4A84EFE03D6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C5359E5-8C81-4D77-946B-F4A84EFE03D6}' => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32E05D2A-CB66-4904-B46E-B3378E0DB34B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E05D2A-CB66-4904-B46E-B3378E0DB34B}' => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90A75A6D-E6D4-45FA-A97E-724299671B02}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90A75A6D-E6D4-45FA-A97E-724299671B02}' => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task' => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\Tasks\Rocket Updater.job => Moved successfully.
C:\ProgramData\Temp => ":68F81F4B" ADS removed successfully.
==== End of Fixlog ====
|
|
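The Fixlog above records each item as "target => result", so the autostart values, services, scheduled tasks and moved files it lists can be tallied mechanically. The following Python is an added example, not part of the original posts and not FRST's own code; the category names and the short list of system process names are assumptions made for the illustration.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Entries copied from the Fixlog above, one per line: "[pid] <target> => <result>."
SAMPLE = r"""[256] C:\Users\Michael and Anna\AppData\Roaming\System32\csrss.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
SystemUpdatekb70007 => Service deleted successfully.
C:\Users\Michael and Anna\AppData\Roaming\svchost.exe => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
C:\ProgramData\Temp => ":68F81F4B" ADS removed successfully.
==== End of Fixlog ===="""

ENTRY = re.compile(r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<target>.+?)\s*=>\s*(?P<result>.+?)\.?$")
# Illustrative lists chosen for this example (assumptions, not FRST's own logic).
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
REG_KINDS = [(r"\currentversion\run\\", "run-key"), ("browser helper objects", "bho"),
             (r"\schedule\taskcache", "scheduled-task")]

def classify(target):
    """Map a fixed item to the persistence or file category it belongs to."""
    t = target.lower()
    if re.match(r"hk(lm|cu|cr|u)\\", t):
        return next((kind for needle, kind in REG_KINDS if needle in t), "registry-other")
    if re.match(r"[a-z]:\\", t):
        return "scheduled-task" if "\\tasks\\" in t else "file"
    return "service"  # bare names in the Fixlog are service names

def masquerades(path):
    """System process name outside the real system dirs (whole directory compared)."""
    p = path.lower()
    return basename(p) in SYSTEM_NAMES and dirname(p) not in SYSTEM_DIRS

def parse(log):
    rows = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # banners such as "==== End of Fixlog ===="
        target = m["target"].strip("'\"")
        rows.append({"pid": m["pid"], "target": target, "kind": classify(target),
                     "absent": "not found" in m["result"].lower(),
                     "masquerade": masquerades(target)})
    return rows

def summary(rows):  # items actually removed or moved, per category
    return Counter(r["kind"] for r in rows if not r["absent"])
```

Because the whole parent directory is compared, the csrss.exe copy under AppData\Roaming\System32 is still flagged even though its folder is named System32.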
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 8, 2014 10:32:31 GMT -8
That is better, see the difference between the 2 fixlogs above??
Now your system should not be working so hard, with files and folders having been moved and registry keys deleted for them, so that none of the items are running any more.
Now with the system not working so hard we will be able to use other tools and scanners.
Quads
|
|
lh
New Helpee
Posts: 36
|
Post by lh on Jul 8, 2014 11:00:29 GMT -8
Okay. So far, all the instant ads and the blue spam hyperlinks are gone. So that's great.
What is next?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 8, 2014 11:04:14 GMT -8
BINGO, that appears to have broken them apart, unless they have found another way to use the running from FRST Quarantine again. But using admin and having admin rights I was able to take the Services and Registry keys, using the Admin (Owner) account. Read carefully.
Download AdwCleaner (www.bleepingcomputer.com/download/adwcleaner/) onto your desktop, using the blue "Download Now @BleepingComputer" button, and run a scan (Scan button). It will create a log afterwards, or there is a Report button. ONE SCAN ONLY
Attach or paste the log back here
|
|
lh
New Helpee
Posts: 36
|
Post by lh on Jul 8, 2014 14:46:21 GMT -8
Okay, I've run the program, and I've hit "Scan." However, the program seems to be stuck or something. All it is doing is saying: "Pending. Please uncheck elements you don't want to remove."
|
|