SlimCleaner Plus Removal [Solved]


  • This topic is locked

#1
J.B.


Hello,

My computer is infected with the SlimCleaner Plus tool. Malwarebytes software won't get rid of it and it opens by itself every time I start my computer. I have tried uninstalling it from the Control Panel to no avail.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Jason (administrator) on JASONSPC on 10-05-2015 17:26:04
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165056 2014-11-17] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\MountPoints2: {341b1e8f-799d-11de-b766-0018390f34c7} - H:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-04-14]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-07-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-07-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-11-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser 미디어 검사 도구.lnk [2009-08-06]
ShortcutTarget: Picture Motion Browser 미디어 검사 도구.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-4116279430-165223371-606681180-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> {AA1B71EF-39AD-425F-8AAD-3E55E5494F98} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-08] (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Jason\Documents\CKKeyPro_Installer_Multi.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.hotmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [2014-08-24] (SoftForum Co., Ltd.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\user.js [2014-09-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-03-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-03-30] (Apple Inc.)
FF SearchPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\searchplugins\mywebsearch.xml [2011-01-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-09]
FF Extension: YouTube mp3 - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\Extensions\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Firefox\Extensions: [{FCB5AF80-B719-49EE-9BD3-89D3E5B648AF}] - C:\Users\Jason\AppData\Local\{FCB5AF80-B719-49EE-9BD3-89D3E5B648AF}
FF HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-11-17] (SlimWare Utilities, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [21304 2014-08-24] (SoftForum Corporation)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [12728 2014-08-24] (SoftForum Corporation)
S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2014-08-24] (Kings Information & Network)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 17:26 - 2015-05-10 17:26 - 00017832 _____ () C:\Users\Jason\Desktop\FRST.txt
2015-05-10 17:24 - 2015-05-10 17:26 - 00000000 ____D () C:\FRST
2015-05-10 17:24 - 2015-05-10 17:24 - 01141248 _____ (Farbar) C:\Users\Jason\Desktop\FRST.exe
2015-05-10 15:55 - 2015-05-10 15:55 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 14:37 - 2015-04-23 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-14 23:20 - 2015-03-08 18:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-04 19:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:09 - 2015-03-13 19:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:09 - 2015-03-12 18:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 23:09 - 2015-03-12 18:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:09 - 2015-03-04 19:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:09 - 2015-03-04 19:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:51 - 2015-03-09 16:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:51 - 2015-03-09 16:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 22:51 - 2015-03-09 16:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:51 - 2015-03-09 16:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:51 - 2015-03-09 15:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:51 - 2015-03-09 15:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 22:51 - 2015-03-09 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 22:51 - 2015-03-09 15:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 22:51 - 2015-03-09 15:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 22:51 - 2015-03-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 22:51 - 2015-03-09 15:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 22:51 - 2015-03-09 15:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 17:23 - 2006-11-02 05:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 17:23 - 2006-11-02 05:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 17:10 - 2012-04-11 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 16:17 - 2009-07-07 20:10 - 01525048 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 15:56 - 2014-08-14 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 15:55 - 2014-08-14 18:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-10 15:52 - 2014-12-07 06:52 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job
2015-05-07 09:19 - 2011-06-23 14:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-04-28 21:35 - 2006-11-02 05:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 21:34 - 2012-04-25 16:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-28 21:33 - 2006-11-02 05:58 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 02:25 - 2011-03-02 00:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Windows Live
2015-04-15 00:11 - 2012-04-11 12:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 00:11 - 2011-05-22 23:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 00:09 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-14 23:20 - 2013-07-13 09:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 23:11 - 2006-11-02 03:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 23:10 - 2009-07-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:08 - 2006-11-02 03:33 - 00763092 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 09:37 - 2014-08-14 18:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-08-14 18:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2010-12-21 22:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2009-07-22 23:38 - 2009-07-22 23:38 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\wklnhst.dat
2010-09-25 21:51 - 2015-02-22 17:49 - 0000680 _____ () C:\Users\Jason\AppData\Local\d3d9caps.dat
2009-07-22 23:48 - 2010-01-10 20:41 - 0004608 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-24 02:16 - 2011-01-31 16:25 - 0000120 _____ () C:\Users\Jason\AppData\Local\Gdinovoxa.dat
2011-01-24 02:16 - 2011-01-31 02:30 - 0000000 _____ () C:\Users\Jason\AppData\Local\Wtipejivulu.bin
2011-01-31 07:13 - 2011-01-31 16:31 - 0000512 _____ () C:\ProgramData\cyFWUUQY
2011-01-24 02:17 - 2011-01-31 04:10 - 0000520 _____ () C:\ProgramData\gcR7HTP4OWq0
2009-07-25 22:30 - 2014-08-24 16:33 - 0001215 _____ () C:\ProgramData\hpzinstall.log
2011-01-24 02:17 - 2011-01-31 07:47 - 0000272 _____ () C:\ProgramData\~gcR7HTP4OWq0
2011-01-24 02:17 - 2011-01-24 02:17 - 0000168 _____ () C:\ProgramData\~gcR7HTP4OWq0r

Files to move or delete:
====================
C:\Users\Jason\OJJ5700_Basic_8.exe


Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\autorun.dll
C:\Users\Jason\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Jason\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jason\AppData\Local\Temp\install_flashplayer11x32_mssa_aih.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Jason at 2015-05-10 17:27:12
Running from C:\Users\Jason\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4116279430-165223371-606681180-500 - Administrator - Disabled)
Guest (S-1-5-21-4116279430-165223371-606681180-501 - Limited - Enabled) => C:\Users\Guest
Jason (S-1-5-21-4116279430-165223371-606681180-1000 - Administrator - Enabled) => C:\Users\Jason

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ClientKeeper KeyPro with E2E for 32bit (HKLM\...\XecureCK) (Version:  - SoftForum Co. Ltd.)
Compact Wireless-G USB Network Adapter with SpeedBooster (HKLM\...\{65563451-00B6-458C-9F9A-03A7757355A6}) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Enterprise (Version: 50.0.165.000 - Hewlett-Packard) Hidden
HP Officejet All-In-One Series (HKLM\...\{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}) (Version: 1.0 - HP)
HP Officejet J5700 AiO Series Corporate Edition 8.0 (HKLM\...\{8AFE6E90-060E-4774-861B-2408299A357C}) (Version: 1.0 - HP)
HP Support Solutions Framework (HKLM\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SlimCleaner Plus (HKLM\...\{367ADFA6-09FD-43D8-94D7-C205EC9383DD}) (Version: 1.0.25242 - SlimWare Utilities, Inc.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.01.12110 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4116279430-165223371-606681180-1000_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File

==================== Restore Points  =========================

31-03-2015 02:17:25 Windows Update
31-03-2015 23:42:49 Scheduled Checkpoint
03-04-2015 12:27:21 Scheduled Checkpoint
03-04-2015 21:37:57 Windows Update
05-04-2015 21:15:41 Scheduled Checkpoint
06-04-2015 13:10:28 Scheduled Checkpoint
06-04-2015 23:05:01 Windows Update
08-04-2015 14:05:47 Scheduled Checkpoint
09-04-2015 22:28:00 Scheduled Checkpoint
10-04-2015 02:00:25 Windows Update
11-04-2015 01:01:23 Scheduled Checkpoint
11-04-2015 15:30:05 Scheduled Checkpoint
14-04-2015 00:19:18 Windows Update
14-04-2015 13:10:43 Scheduled Checkpoint
14-04-2015 23:02:55 Windows Update
19-04-2015 15:22:01 Scheduled Checkpoint
21-04-2015 15:45:14 Windows Update
27-04-2015 23:30:57 Windows Update
29-04-2015 15:00:39 Scheduled Checkpoint
01-05-2015 14:34:10 Windows Update
05-05-2015 02:22:05 Windows Update
08-05-2015 19:57:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-06-23 18:44 - 2012-06-23 18:44 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F62845-79AE-424E-AD40-80A0B8CDB5E6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jason) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-11-17] (SlimWare Utilities, Inc.)
Task: {71F67AD8-7686-49E3-877D-191FEF69FD9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {95D3CED1-88FE-4437-8722-86A4A315E307} - System32\Tasks\{EEC36302-84C6-457D-AB1C-8C0C58D512B8} => pcalua.exe -a F:\setup.exe -d F:\
Task: {96F20077-BFA0-45F4-A712-AD8B01A26FF1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jason => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8260AB58-C28E-427B-9F80-5C0C8EFB9375}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\2d0d6a3fb1ef094ef224bb8adbcf8f33\VistaBridgeLibrary.ni.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2009-04-09 14:29 - 2009-04-09 14:29 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-03 16:51 - 2009-11-03 16:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-11-17 13:57 - 2014-11-17 13:57 - 00671040 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2015-04-15 00:11 - 2015-04-15 00:11 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 7173 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4116279430-165223371-606681180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1 - 184.16.33.54

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{A60F9C66-CABD-4866-B5E9-39781E880CEB}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{A36DF11D-6F79-4A45-84EE-94771D86C504}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{9FB34426-F81A-4F25-8CBC-E3619B965072}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8D8035D1-C1E5-4610-A11A-93C949CA5220}] => (Allow) svchost.exe
FirewallRules: [{E9F5691B-486B-4EF8-8678-33ABAEA22DD8}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{5E03F668-4309-4B3D-8F04-7A3FF0349C56}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C79F6227-8C01-4840-AD96-97ADCBF78F0A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5CCE2860-7B86-4037-BEF6-E1F5D671C90F}] => (Allow) LPort=80
FirewallRules: [{CCA14EA5-1C5F-42A7-95C0-71E779E72E83}] => (Allow) LPort=80
FirewallRules: [{45F40409-7D0C-4562-BC8A-C64AEC8F8C2C}] => (Allow) LPort=80
FirewallRules: [{C57A48C4-3C70-4BAA-A05B-D3E16A25B3A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD53B55C-53E2-4A34-840D-7BCC1E6F88DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB3396F5-12D1-4D18-BE35-B48074F32FA0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{832BCA91-09A3-4376-972A-5A25D1B56149}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0E9240AB-4BB2-4BCE-BDDF-8094273EEC1A}] => (Allow) LPort=2869
FirewallRules: [{BE54C1CF-0019-426F-BD29-BDB49A27CBCE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D40F1E72-C1D0-41DC-9B52-020B985C3D4C}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D40EA6CF-6B34-455D-8E1E-E8F1CF4B967A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{E54CB611-28C8-4347-AD04-0B56B5205411}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{77CEDC2E-B211-4FE0-97FC-DF012519E75C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6557DD1A-AEC1-455E-86FE-EBD6D24ECAF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2015 10:53:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16162

Error: (05/09/2015 10:53:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16162

Error: (05/09/2015 10:53:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17300

Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17300

Error: (05/09/2015 03:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33743

Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33743

Error: (05/08/2015 08:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2015 08:28:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17472


System errors:
=============
Error: (05/10/2015 03:54:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc

Error: (05/09/2015 03:01:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc

Error: (05/09/2015 02:59:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000LanmanWorkstation

Error: (05/07/2015 07:27:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (05/07/2015 01:55:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (05/06/2015 00:47:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000slsvc

Error: (05/05/2015 06:32:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (05/05/2015 02:22:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Volume Shadow Copy%%1053

Error: (05/05/2015 02:22:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Volume Shadow Copy

Error: (05/05/2015 02:22:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-10 17:27:03.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:27:01.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:27:00.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:59.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:57.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:56.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:55.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:54.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:23.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-10 17:26:22.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 2012.32 MB
Available physical RAM: 590.5 MB
Total Pagefile: 4269.88 MB
Available Pagefile: 2350.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:198.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1E341BB4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0


#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings J.B. and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please save all tools to the desktop. Our tools are updated very regularly, sometimes several times per day, so always download the latest version from the links I provide.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

  • Only paste the contents of log files into your reply. DO NOT attach any log files unless requested to do so.

  • If you have any questions or get stuck, stop and ask... I am here to help you make this go as smoothly as possible.

  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

 

I'm just going through your logs and will be responding again shortly.


  • 0

#3
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hello again. OK, let's get started.

 

Step 1
FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click FRST.exe/FRST64.exe and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.
 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking the JRT icon and selecting "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

 

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

Items I need to see in your next post:

  • FRST Fixlog
  • JRT Log
  • ADWcleaner scan report


  • 1

#4
J.B.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hello, I've followed all instructions and pasted the logs below.

 

FRST Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Jason at 2015-05-24 16:14:41 Run:1
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165056 2014-11-17] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-4116279430-165223371-606681180-1000\...\MountPoints2: {341b1e8f-799d-11de-b766-0018390f34c7} - H:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-4116279430-165223371-606681180-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-4116279430-165223371-606681180-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Jason\Documents\CKKeyPro_Installer_Multi.exe
FF SearchPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\searchplugins\mywebsearch.xml [2011-01-26]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-11-17] (SlimWare Utilities, Inc.)
C:\Program Files\SlimService
2015-05-10 15:52 - 2014-12-07 06:52 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job
2011-01-24 02:16 - 2011-01-31 16:25 - 0000120 _____ () C:\Users\Jason\AppData\Local\Gdinovoxa.dat
2011-01-24 02:16 - 2011-01-31 02:30 - 0000000 _____ () C:\Users\Jason\AppData\Local\Wtipejivulu.bin
2011-01-31 07:13 - 2011-01-31 16:31 - 0000512 _____ () C:\ProgramData\cyFWUUQY
2011-01-24 02:17 - 2011-01-31 04:10 - 0000520 _____ () C:\ProgramData\gcR7HTP4OWq0
2011-01-24 02:17 - 2011-01-31 07:47 - 0000272 _____ () C:\ProgramData\~gcR7HTP4OWq0
2011-01-24 02:17 - 2011-01-24 02:17 - 0000168 _____ () C:\ProgramData\~gcR7HTP4OWq0r
C:\Users\Jason\OJJ5700_Basic_8.exe
CustomCLSID: HKU\S-1-5-21-4116279430-165223371-606681180-1000_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
Task: {02F62845-79AE-424E-AD40-80A0B8CDB5E6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jason) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-11-17] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
emptytemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus => value Removed successfully.
"HKU\S-1-5-21-4116279430-165223371-606681180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{341b1e8f-799d-11de-b766-0018390f34c7}" => key Removed successfully.
HKCR\CLSID\{341b1e8f-799d-11de-b766-0018390f34c7} => key not found.
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => value Removed successfully.
"HKCR\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}" => key Removed successfully.
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value Removed successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value Removed successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKU\S-1-5-21-4116279430-165223371-606681180-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}" => key Removed successfully.
"HKCR\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}" => key Removed successfully.
C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\0a4k4w41.default\searchplugins\mywebsearch.xml => Moved successfully.
SlimService => Service stopped successfully.
SlimService => Service Removed successfully.

"C:\Program Files\SlimService" folder move:

Could not move "C:\Program Files\SlimService" folder => Scheduled to move on reboot.

C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job => Moved successfully.
C:\Users\Jason\AppData\Local\Gdinovoxa.dat => Moved successfully.
C:\Users\Jason\AppData\Local\Wtipejivulu.bin => Moved successfully.
C:\ProgramData\cyFWUUQY => Moved successfully.
C:\ProgramData\gcR7HTP4OWq0 => Moved successfully.
C:\ProgramData\~gcR7HTP4OWq0 => Moved successfully.
C:\ProgramData\~gcR7HTP4OWq0r => Moved successfully.
C:\Users\Jason\OJJ5700_Basic_8.exe => Moved successfully.
HKU\S-1-5-21-4116279430-165223371-606681180-1000_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F62845-79AE-424E-AD40-80A0B8CDB5E6}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F62845-79AE-424E-AD40-80A0B8CDB5E6}" => key Removed successfully.
C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jason) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Jason)" => key Removed successfully.
C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jason).job not found.
C:\ProgramData\TEMP => ":5D432CE3" ADS Removed successfully..
C:\ProgramData\TEMP => ":A8ADE5D8" ADS Removed successfully..
C:\ProgramData\TEMP => ":D287FACF" ADS Removed successfully..
C:\ProgramData\TEMP => ":DFC5A2B2" ADS Removed successfully..
EmptyTemp: => Removed 1.6 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 16:20:43)<=

C:\Program Files\SlimService => is moved successfully

==== End of Fixlog 16:20:43 ====

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows Vista ™ Home Basic x86
Ran by Jason on Sun 05/24/2015 at 16:25:15.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA1B71EF-39AD-425F-8AAD-3E55E5494F98}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jason\appdata\local\{64CA2634-41C6-4B3F-9B26-3FCF80284E5B}
Successfully deleted: [Empty Folder] C:\Users\Jason\appdata\local\{7A2F2E08-4778-46C6-8531-29BD71058424}
Successfully deleted: [Empty Folder] C:\Users\Jason\appdata\local\{DCD077DD-1CB2-4DDB-AB43-DE87F5E0C1E5}
Successfully deleted: [Folder] C:\Program Files\slimcleaner plus
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\slimcleaner plus
Successfully deleted: [Folder] C:\ProgramData\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Jason\local settings\application data\downloaded installers
Successfully deleted: [Folder] C:\Users\Jason\local settings\application data\slimware utilities inc



~~~ FireFox

Successfully deleted: [File] C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\0a4k4w41.default\user.js
Successfully deleted: [File] C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\0a4k4w41.default\invalidprefs.js
Successfully deleted the following from C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\0a4k4w41.default\prefs.js

user_pref(browser.search.hiddenOneOffs, Yahoo,Bing,DuckDuckGo,eBay,My Web Search,Twitter);
Emptied folder: C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\0a4k4w41.default\minidumps [2022 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/24/2015 at 16:29:13.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner Report:

 

# AdwCleaner v4.205 - Logfile created 24/05/2015 at 16:31:31
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Jason - JASONSPC
# Running from : C:\Users\Jason\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\edgujrd6.default\searchplugins\mywebsearch.xml
File Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ia863ttn.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8075
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8663977e-01e4-4f5c-b343-4675834e8a9f}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d1a84cb-3e2b-4cce-b7b7-d0214959f011}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aed6e119-4324-4e26-956b-6ad9acef9e7e}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb39f555-997f-45cb-8086-e5e6e2866daf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e59567b2-2035-4a62-8b1e-f27a426bbca9}
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2207 bytes] - [24/05/2015 16:31:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2266 bytes] ##########

Thank you for your help.

Joseph



#5
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, that's great thanks, sorry I wasn't a bit quicker, been away for the bank holiday.
 
Let's move on :D
 

Step 1
 
Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step 2
 
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner

Note: You will need to use Internet Explorer or Firefox for this scan. (You will be prompted to install a helper program if you use Firefox.)
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
    • Make sure that the option Remove found threats is NOT checked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:

  • ADWcleaner clean report
  • Malwarebytes report
  • ESET log
  • How are things looking now?


#6
J.B.


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

AdwCleaner[S0].txt:

# AdwCleaner v4.206 - Logfile created 31/05/2015 at 16:46:23
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Server]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Jason - JASONSPC
# Running from : C:\Users\Jason\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\edgujrd6.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ia863ttn.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2345 bytes] - [24/05/2015 16:31:31]
AdwCleaner[R1].txt - [1456 bytes] - [31/05/2015 16:41:32]
AdwCleaner[S0].txt - [1393 bytes] - [31/05/2015 16:46:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1452  bytes] ##########

MalwareBytes Report:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2015
Scan Time: 4:52:49 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.31.03
Rootkit Database: v2015.05.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jason

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366168
Time Elapsed: 34 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8663977E-01E4-4F5C-B343-4675834E8A9F}, Quarantined, [0d220a909af0e1554b08a0da18edaa56],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9D1A84CB-3E2B-4CCE-B7B7-D0214959F011}, Quarantined, [ce611684078354e296bd205ab45119e7],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AED6E119-4324-4E26-956B-6AD9ACEF9E7E}, Quarantined, [fc33b5e5b7d3ce68510283f7aa5b649c],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB39F555-997F-45CB-8086-E5E6E2866DAF}, Quarantined, [2807bddda5e586b0b89b39419372f907],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E59567B2-2035-4A62-8B1E-F27A426BBCA9}, Quarantined, [48e744563852ac8a6fe4ee8c49bce917],

Registry Values: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8663977e-01e4-4f5c-b343-4675834e8a9f}|AppPath, C:\Program Files\OnlineMapFinder_9p\bar\1.bin, Quarantined, [0d220a909af0e1554b08a0da18edaa56]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9d1a84cb-3e2b-4cce-b7b7-d0214959f011}|AppPath, C:\Program Files\OnlineMapFinder_9p\bar\1.bin, Quarantined, [ce611684078354e296bd205ab45119e7]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{aed6e119-4324-4e26-956b-6ad9acef9e7e}|AppPath, C:\Program Files\OnlineMapFinder_9p\bar\1.bin, Quarantined, [fc33b5e5b7d3ce68510283f7aa5b649c]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cb39f555-997f-45cb-8086-e5e6e2866daf}|AppPath, C:\Program Files\OnlineMapFinder_9p\bar\1.bin, Quarantined, [2807bddda5e586b0b89b39419372f907]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e59567b2-2035-4a62-8b1e-f27a426bbca9}|AppPath, C:\Program Files\OnlineMapFinder_9p\bar\1.bin, Quarantined, [48e744563852ac8a6fe4ee8c49bce917]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET Log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

The computer seems clean now - I don't see the SlimCleaner Plus software anymore. Seems good to me, thanks so much for your help. Let me know if anything else needs to be done.

 

Thanks

Joseph



#7
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

If all is running good then we can clean up :)

 

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.

  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows Vista
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptSafe add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download" button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:

  • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel. You will have to be in Classic View to see Java (it looks like a coffee cup). Double-click on Java, click the Advanced tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.

Cryptolocker Warning
Go here for information about CryptoLocker Ransomware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


#8
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

