Egarrim

Yontoo Desktop / whitesmoke tool bar infection


Hi, I have been having problems with lots of unwanted programs appearing on my laptop, most of which I have uninstalled. However, I still have the two things left in the title, yontoo desktop.exe and whitesmoke tool bar. I have disabled whitesmoke in extensions but would like to know how to permanently remove it. I thought I had solved this myself last week, but strange ads keep popping up. Please can you offer me some assistance?

Kind Regards Dave

Here are the logs

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476

Run by BMC at 10:56:31 on 2013-04-20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2008.817 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\IBUpdaterService\ibsvc.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Kontiki\KService.exe

C:\Program Files\OEM\OSD_1.2\OsdService.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\SoftwareUpdater\UpdaterService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Kontiki\KHost.exe

C:\Users\BMC\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll

TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

uRun: [Yontoo Desktop] "c:\users\bmc\appdata\roaming\yontoo\YontooDesktop.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Power2GoExpress] <no file>

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [updateP2GShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: unipass.co.uk

Trusted Zone: unipass.co.uk

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{C371C610-6B7F-45F0-86F0-80BFB3A0AE42} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E9BD6B67-F270-4464-A299-AE20DA630089} : DHCPNameServer = 192.168.0.1

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R1 MpKsl545b13f6;MpKsl545b13f6;c:\programdata\microsoft\microsoft antimalware\definition updates\{695aadcf-6881-4b8b-8b6f-4d2ec2ec0ff4}\MpKsl545b13f6.sys [2013-4-20 29904]

R1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-3-3 316984]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-13 102680]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-13 173880]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2013-4-8 622624]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

R2 OsdService;OSD Service;c:\program files\oem\osd_1.2\OsdService.exe [2008-2-22 94208]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 SrvUpdater;Software Updater;c:\program files\softwareupdater\UpdaterService.exe [2013-2-18 31744]

R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-5-21 7168]

R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2009-11-23 8192]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-3 112128]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-3-11 55448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9c1d18786ecb0;Google Update Service (gupdate1c9c1d18786ecb0);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]

S2 Yontoo Desktop Updater;Yontoo Desktop Updater;"c:\program files\yontoo\y2desktop.updater.exe" "c:\users\bmc\appdata\roaming\yontoo\yontoodesktop.exe" --> c:\program files\yontoo\Y2Desktop.Updater.exe [?]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-04-20 08:26:57 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{695aadcf-6881-4b8b-8b6f-4d2ec2ec0ff4}\MpKsl545b13f6.sys

2013-04-19 17:45:44 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2013-04-19 17:45:43 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2013-04-19 17:45:43 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2013-04-19 17:45:43 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2013-04-19 15:43:05 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{695aadcf-6881-4b8b-8b6f-4d2ec2ec0ff4}\mpengine.dll

2013-04-19 15:39:18 -------- d-----w- C:\components

2013-04-19 15:14:21 -------- d-----w- c:\program files\VS Revo Group

2013-04-18 15:45:07 -------- d-----w- c:\users\bmc\appdata\local\SwvUpdater

2013-04-18 15:45:03 -------- d-----w- c:\program files\MyPC Backup

2013-04-18 15:44:44 -------- d-----w- c:\program files\Conduit

2013-04-18 15:44:31 -------- d-----w- c:\users\bmc\appdata\local\Conduit

2013-04-18 15:42:49 -------- d-----w- c:\users\bmc\appdata\local\CRE

2013-04-18 15:42:23 -------- d-----w- c:\users\bmc\appdata\local\Supreme Savings

2013-04-18 13:14:01 6906960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-04-15 13:03:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-15 10:16:52 -------- d-----w- c:\program files\ESET

2013-04-12 19:38:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-12 19:38:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-04-12 19:00:28 -------- d-----w- c:\program files\CCleaner

2013-04-11 09:34:27 -------- d-----w- c:\programdata\CDB

2013-04-11 04:50:50 -------- d-----w- c:\program files\DomaIQ Uninstaller

2013-04-11 04:35:21 -------- d-----w- c:\program files\Tuguu SL

2013-04-11 04:24:59 -------- d-----w- c:\users\bmc\appdata\roaming\Yontoo

2013-04-11 04:24:58 -------- d-----w- c:\program files\Yontoo

2013-04-11 04:24:30 -------- d-----w- c:\programdata\Tarma Installer

2013-04-11 03:58:32 -------- d-----w- c:\users\bmc\appdata\roaming\SpeedanAlysis

2013-04-10 14:38:02 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-04-10 14:38:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-04-10 14:38:01 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2013-04-10 14:38:01 149616 ----a-w- c:\program files\internet explorer\sqmapi.dll

2013-04-10 14:38:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2013-04-10 08:24:05 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 08:24:04 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 08:24:03 64000 ----a-w- c:\windows\system32\smss.exe

2013-04-10 08:24:03 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 08:24:00 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 08:23:56 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 08:23:53 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-04-10 08:22:43 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 05:48:06 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8a329c2-2d50-4cc8-a5fd-b02afdcd0905}\gapaengine.dll

2013-04-10 05:15:58 -------- d-----w- c:\program files\Microsoft Security Client

2013-04-10 05:14:25 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-04-08 15:19:16 -------- d-----w- c:\users\bmc\appdata\roaming\PerformerSoft

2013-04-08 15:18:59 18096 ----a-w- c:\windows\system32\roboot.exe

2013-04-08 15:18:38 -------- d-----w- c:\users\bmc\appdata\roaming\File Scout

2013-04-08 15:18:22 -------- d-----w- c:\programdata\IBUpdaterService

2013-04-08 14:46:28 -------- d-----w- c:\programdata\????

2013-04-08 14:46:27 -------- d-----w- c:\programdata\?s?s

2013-04-08 14:45:03 -------- d-----w- c:\programdata\????????????????????????p???????

2013-04-08 14:14:28 -------- d-----w- c:\windows\system32\Extensions

2013-04-08 14:14:27 -------- d-----w- c:\windows\system32\searchplugins

2013-04-08 14:13:31 -------- d-----w- c:\program files\SoftwareUpdater

2013-04-08 14:13:00 -------- d-----w- c:\programdata\Babylon

2013-04-08 14:12:59 -------- d-----w- c:\users\bmc\appdata\roaming\Babylon

.

==================== Find3M ====================

.

2013-04-15 13:03:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-11 14:22:56 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-13 09:19:12 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-29 10:30:04 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-01-29 10:30:04 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-01-20 14:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 14:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

============= FINISH: 10:57:11.10 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 03/12/2008 04:15:08

System Uptime: 20/04/2013 09:26:10 (1 hours ago)

.

Motherboard: DIXONSXP | | DIXONSXP

Processor: Genuine Intel® CPU T1600 @ 1.66GHz | U2E1 | 1662/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 138 GiB total, 85.16 GiB free.

E: is CDROM ()

S: is FIXED (NTFS) - 1 GiB total, 1.407 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1361: 11/04/2013 03:45:02 - Scheduled Checkpoint

RP1362: 12/04/2013 00:00:05 - Scheduled Checkpoint

RP1363: 12/04/2013 03:00:16 - Windows Update

RP1364: 12/04/2013 19:36:37 - Removed AVG 2013

RP1365: 12/04/2013 19:41:25 - Removed AVG 2013

RP1366: 13/04/2013 15:41:24 - Scheduled Checkpoint

RP1367: 15/04/2013 14:11:20 - Windows Update

RP1368: 17/04/2013 00:00:01 - Scheduled Checkpoint

RP1369: 18/04/2013 00:00:02 - Scheduled Checkpoint

RP1371: 19/04/2013 16:15:11 - Revo Uninstaller's restore point - AppGraffiti

RP1373: 19/04/2013 16:17:09 - Revo Uninstaller's restore point - SpeedAnalysis.com

RP1375: 19/04/2013 16:18:42 - Revo Uninstaller's restore point - Yontoo 2.051

RP1377: 19/04/2013 16:21:03 - Revo Uninstaller's restore point - VAFPlayer

RP1378: 19/04/2013 16:21:28 - Quitado VAFPlayer

RP1380: 19/04/2013 16:37:54 - Revo Uninstaller's restore point - Search Protect by conduit

RP1382: 19/04/2013 16:40:48 - Revo Uninstaller's restore point - SLOW-PCfighter

RP1383: 19/04/2013 16:41:12 - Windows Update

RP1385: 19/04/2013 16:52:39 - Revo Uninstaller's restore point - Auto Lyrics

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.6)

Agere Systems HDA Modem

BBC iPlayer Download Manager

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG3100 series MP Drivers

Canon MG3100 series On-screen Manual

Canon MG3100 series User Registration

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

CCleaner

Compatibility Pack for the 2007 Office system

CyberLink YouCam

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardlock Device Drivers

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Inbox Toolbar

Intel® Graphics Media Accelerator Driver

Launch

Macromedia FreeHand 9

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

OGA Notifier 2.0.0048.0

OSD_1.2

Power2Go

Rapport

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Revo Uninstaller 1.92

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SoftwareUpdater

Spare Messaging

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Updater Service

WinCan v7

.

==== Event Viewer Messages From Past Week ========

.

20/04/2013 09:28:10, Error: Service Control Manager [7000] - The Yontoo Desktop Updater service failed to start due to the following error: The system cannot find the file specified.

20/04/2013 09:28:10, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

20/04/2013 09:26:58, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.

20/04/2013 09:26:58, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.81, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

19/04/2013 20:30:04, Error: Service Control Manager [7034] - The Software Updater service terminated unexpectedly. It has done this 1 time(s).

19/04/2013 20:25:58, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

19/04/2013 18:38:00, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

19/04/2013 16:37:26, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

19/04/2013 16:29:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

19/04/2013 16:26:26, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

19/04/2013 16:12:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 00030DBABEFC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

19/04/2013 15:22:48, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.

19/04/2013 15:22:42, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

19/04/2013 15:22:38, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.3 with the system having network hardware address 18-0C-AC-01-0D-C4. Network operations on this system may be disrupted as a result.

19/04/2013 15:11:42, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.3. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

19/04/2013 15:11:33, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.209.80, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

19/04/2013 15:10:56, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 18-0C-AC-01-0D-C4. Network operations on this system may be disrupted as a result.

19/04/2013 09:26:14, Error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).

18/04/2013 16:45:09, Error: Service Control Manager [7034] - The Yontoo Desktop Updater service terminated unexpectedly. It has done this 1 time(s).

18/04/2013 12:16:12, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Florist, owned by BMC, failed to print on printer Canon MG3100 series Printer (Copy 1). Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 29320. Total number of pages in the document: 4. Number of pages printed: 0. Client computer: \\BMC-PC. Win32 error code returned by the print processor: 1. Incorrect function.

16/04/2013 17:22:48, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.43.177 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

16/04/2013 17:22:47, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.43.177, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

16/04/2013 17:19:52, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.43.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

16/04/2013 17:19:52, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.43.1 (The DHCP Server sent a DHCPNACK message).

16/04/2013 16:51:41, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.43.1 on the same network as the interface with IP address 192.168.0.3. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

16/04/2013 16:51:37, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.43.1 (The DHCP Server sent a DHCPNACK message).

15/04/2013 13:58:42, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.81 for the Network Card with network address 00225F43F040 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

15/04/2013 11:02:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1778.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee2 Error description: The operation timed out

15/04/2013 10:49:00, Error: EventLog [6008] - The previous system shutdown at 10:22:26 on 15/04/2013 was unexpected.

15/04/2013 10:48:33, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

15/04/2013 10:04:07, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

15/04/2013 09:54:55, Error: Service Control Manager [7022] - The Security Center service hung on starting.

15/04/2013 09:54:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

15/04/2013 09:51:30, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic:
Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi, thank you for your prompt reply, here are the contents of the log file.

Kind Regards Dave

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : BMC [Admin rights]

Mode : Scan -- Date : 04/20/2013 12:38:49

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[SERVICE] IBUpdaterService -- C:\ProgramData\IBUpdaterService\ibsvc.exe [7] -> STOPPED

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\BMC\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-105220607-637254904-1161492183-1000[...]\Run : Yontoo Desktop ("C:\Users\BMC\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND

[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> FOUND

[TASK][SUSP PATH] Test TimeTrigger : C:\Users\BMC\AppData\Local\Temp\Runner.exe C:\Users\BMC\AppData\Local\Temp\DNS.exe [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++

--- User ---

[MBR] 740159a3135f6fe38a18dde1bb356055

[BSP] 6bfe58ee6068acd5e811bab5ce99779c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19458048 | Size: 1500 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22530048 | Size: 141625 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04202013_02d1238.txt >>


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Hi again, here are the results.

Regards Dave

# AdwCleaner v2.200 - Logfile created 04/20/2013 at 13:12:04

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : BMC - BMC-PC

# Boot Mode : Normal

# Running from : C:\Users\BMC\Desktop\adwcleaner.exe

# Option [Search]

***** [Services] *****

Found : IBUpdaterService

Found : SrvUpdater

Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Found : C:\Users\BMC\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\DomaIQ Uninstaller

Folder Found : C:\Program Files\Inbox Toolbar

Folder Found : C:\Program Files\Yontoo

Folder Found : C:\ProgramData\AVG Security Toolbar

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\BMC\AppData\Local\Conduit

Folder Found : C:\Users\BMC\AppData\Local\Supreme Savings

Folder Found : C:\Users\BMC\AppData\Local\SwvUpdater

Folder Found : C:\Users\BMC\AppData\LocalLow\AVG Security Toolbar

Folder Found : C:\Users\BMC\AppData\LocalLow\Conduit

Folder Found : C:\Users\BMC\AppData\LocalLow\Inbox Toolbar

Folder Found : C:\Users\BMC\AppData\LocalLow\PriceGong

Folder Found : C:\Users\BMC\AppData\Roaming\Babylon

Folder Found : C:\Users\BMC\AppData\Roaming\file scout

Folder Found : C:\Users\BMC\AppData\Roaming\PerformerSoft

Folder Found : C:\Users\BMC\AppData\Roaming\SpeedanAlysis

Folder Found : C:\Users\BMC\AppData\Roaming\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\e57888ab03bed45

Key Found : HKCU\Software\Inbox Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\DomaIQ

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\Software\Inbox Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

Key Found : HKLM\Software\Tarma Installer

Key Found : HKU\S-1-5-21-105220607-637254904-1161492183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-105220607-637254904-1161492183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-105220607-637254904-1161492183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2444] : homepage = "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN39074246772059120&UM=2",

*************************

AdwCleaner[R1].txt - [9029 octets] - [20/04/2013 13:12:04]

########## EOF - C:\AdwCleaner[R1].txt - [9089 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......Reboot and let me know how it is.....MrC


Hi again, here is the log.

Regards Dave

# AdwCleaner v2.200 - Logfile created 04/20/2013 at 13:34:00

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : BMC - BMC-PC

# Boot Mode : Normal

# Running from : C:\Users\BMC\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

Stopped & Deleted : IBUpdaterService

Stopped & Deleted : SrvUpdater

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Users\BMC\AppData\LocalLow\AVG Security Toolbar

File Deleted : C:\END

File Deleted : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\Users\BMC\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DomaIQ Uninstaller

Folder Deleted : C:\Program Files\Inbox Toolbar

Folder Deleted : C:\Program Files\Yontoo

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\BMC\AppData\Local\Conduit

Folder Deleted : C:\Users\BMC\AppData\Local\Supreme Savings

Folder Deleted : C:\Users\BMC\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\BMC\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\BMC\AppData\LocalLow\Inbox Toolbar

Folder Deleted : C:\Users\BMC\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\BMC\AppData\Roaming\Babylon

Folder Deleted : C:\Users\BMC\AppData\Roaming\file scout

Folder Deleted : C:\Users\BMC\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\BMC\AppData\Roaming\SpeedanAlysis

Folder Deleted : C:\Users\BMC\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\e57888ab03bed45

Key Deleted : HKCU\Software\Inbox Toolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\DomaIQ

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\Software\Inbox Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

Key Deleted : HKLM\Software\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\BMC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2444] : homepage = "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN39074246772059120&UM[...]

*************************

AdwCleaner[R1].txt - [9158 octets] - [20/04/2013 13:12:04]

AdwCleaner[S1].txt - [8876 octets] - [20/04/2013 13:34:00]

########## EOF - C:\AdwCleaner[S1].txt - [8936 octets] ##########

Laptop appears to be OK.
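
Added example, not part of the original posts and not AdwCleaner's own code: a Python check that reconciles an AdwCleaner search log against the delete log, so each "Found" item is confirmed as deleted, pending reboot, or unaccounted for. The two log strings are constructed excerpts of lines from the logs above; treating the SID as the logged-on user's, so that `HKU\<SID>` keys are the same keys as `HKCU`, is an assumption.

```python
import re

# "<label> : <target>" lines, e.g. "Key Found : HKLM\Software\Conduit".
# Header lines (starting with '#') and section banners do not match.
LINE = re.compile(r"^(?P<label>[A-Za-z &]+?) : (?P<target>.+)$")

# SID taken from the logs above; assumed to be the logged-on user (BMC).
USER_SID = "S-1-5-21-105220607-637254904-1161492183-1000"

# Constructed excerpt of the search log (lines copied from the thread).
SEARCH_LOG = r"""
# Option [Search]
***** [Services] *****
Found : IBUpdaterService
Found : Yontoo Desktop Updater
***** [Files / Folders] *****
File Found : C:\END
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\Users\BMC\AppData\LocalLow\AVG Security Toolbar
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-105220607-637254904-1161492183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Conduit
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
"""

# Constructed excerpt of the delete log (lines copied from the thread).
DELETE_LOG = r"""
# Option [Delete]
***** [Services] *****
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : Yontoo Desktop Updater
***** [Files / Folders] *****
Deleted on reboot : C:\Users\BMC\AppData\LocalLow\AVG Security Toolbar
File Deleted : C:\END
Folder Deleted : C:\Program Files\Yontoo
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
"""


def classify(label):
    """Map a log label to 'found', 'deleted', 'pending_reboot' or None."""
    text = label.strip().lower()
    if text == "deleted on reboot":
        return "pending_reboot"
    if text.endswith("found"):
        return "found"
    if text.endswith("deleted"):
        return "deleted"
    return None


def normalize(target, user_sid=None):
    """Case-fold a target; optionally fold HKU\\<user_sid> into HKCU."""
    key = target.strip().lower()
    if user_sid:
        prefix = "hku\\" + user_sid.lower() + "\\"
        if key.startswith(prefix):
            key = "hkcu\\" + key[len(prefix):]
    return key


def parse(log_text, user_sid=None):
    """Return a list of (status, normalized_target, original_target)."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        status = classify(match["label"])
        if status is not None:
            target = match["target"].strip()
            entries.append((status, normalize(target, user_sid), target))
    return entries


def reconcile(search_log, delete_log, user_sid=None):
    """Sort every item found by the search run by what the delete run did."""
    handled = {key: status
               for status, key, _ in parse(delete_log, user_sid)
               if status != "found"}
    report = {"deleted": [], "pending_reboot": [], "unaccounted": []}
    for status, key, original in parse(search_log, user_sid):
        if status == "found":
            report[handled.get(key, "unaccounted")].append(original)
    return report


if __name__ == "__main__":
    for sid in (None, USER_SID):
        result = reconcile(SEARCH_LOG, DELETE_LOG, user_sid=sid)
        print("user_sid =", sid)
        for bucket, items in result.items():
            print(f"  {bucket}: {len(items)}")
            for item in items:
                print("    ", item)
```

Anything left in `unaccounted` after the `HKU` keys are folded into `HKCU`, and anything in `pending_reboot` that still exists after the restart, is worth raising with the helper before the cleanup tools are uninstalled.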


Great......Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here is the log.

Regards Dave

Results of screen317's Security Check version 0.99.62

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Adobe Reader 10.1.6 Adobe Reader out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

Adobe Reader 10.1.6 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

Google Chrome 26.0.1410.43 <---OLD

Google Chrome 26.0.1410.64 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

==========================

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Thank you ever so much, you have been fantastic. :D

Kind Regards Dave


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
