Vimar

  1. Thank you for your time and patience. I will work through all the follow up steps. Again...many thanks!
  2. Hitman, All were deleted. HitmanPro_20140406_1124.log
  3. Hitman is still finding issues and they all seem to be with Google Chrome? Should I uninstall Chrome? Results of screen317's Security Check version 0.99.81 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Java version out of Date! Adobe Flash Player 12.0.0.77 Adobe Reader XI Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials msseces.exe Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` HitmanPro_20140406_1038.log
  4. Yes to both. The only Reader 9 files I could find were residual setup files and a dictionary and spelling file.
  5. TDSS Killer TDSSKiller.3.0.0.28_05.04.2014_10.15.26_log.txt
  6. I appreciate your patience!! TDS Killer log... TDSSKiller.3.0.0.26_05.04.2014_09.33.56_log.txt TDSSKiller.3.0.0.28_05.04.2014_09.36.03_log.txt TDSSKiller.3.0.0.28_05.04.2014_09.40.56_log.txt
  7. I could not find Adobe Reader 9 in Program Files or Control Panel? checkup.txt
  8. I must be missing a step. I have reviewed your posts and don't know what I'm missing. I ran Mbam, copied to clipboard and posted above. I was out for a bit and when I returned I noticed that there was an update for Mbam. I updated and ran again to find 0 threats. However there was still a problem found in Hitman? HitmanPro_20140404_2228.log
  10. Step 8 Results of screen317's Security Check version 0.99.81 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Adobe Flash Player 12.0.0.77 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials msseces.exe Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  11. Ran a new scan;
  12. OK. I downloaded the proper MBAM and executed as per your instructions. Everything went well until I clicked "copy to clipboard" so I could copy the scan report. When I do this MBAM shuts down..."Malwarebytes has stopped working, a problem has caused the program to stop working, Windows will notify you if a solution becomes available..." I have also tried using the "export" button but the same problem. I tried pulling the log from C:\Program Files\Malwarebytes' Anti-Malware\Logs but the only file there is very old? There are several items quarantined. Not sure what to do next?