
Computer infected, can't find source or how to delete it. PLZ HELP


  • This topic is locked

#1
TDanielek


Hi!

 

I've had my computer in storage after lending it to my younger sister. Now that I have it up and running, I realize a lot of ads keep on popping up. I am unsure how to find the source of the problem, much less fix it.

 

Any assistance in this matter would be greatly appreciated!

 

I've pasted a copy of the log below.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Danielek at 2015-06-03 12:36:37
Running from C:\Users\Danielek\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1935842042-1800119050-1235597994-500 - Administrator - Disabled)
Danielek (S-1-5-21-1935842042-1800119050-1235597994-1000 - Administrator - Enabled) => C:\Users\Danielek
Guest (S-1-5-21-1935842042-1800119050-1235597994-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1935842042-1800119050-1235597994-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 14.2.0.1 - AVG Technologies)
Driver Pro v3.0 (HKLM\...\Driver Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
Garmin BaseCamp (HKLM\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 24K Southwest v2 (HKLM\...\{7CAD9E56-C6BA-4911-A519-AF4DE21C4129}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.135 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iLivid (HKLM\...\iLivid) (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 3.7.6.5 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Searchqu Toolbar (HKLM\...\Searchqu Toolbar) (Version: 4.1.0.2881 - Bandoo Media Inc) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Yontoo 2.04.1 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.04.1 - Yontoo LLC) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Danielek\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
 
==================== Restore Points =========================
 
03-06-2015 11:46:49 Windows Update
03-06-2015 11:54:07 Removed MOTOROLA MEDIA LINK.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {41509368-B2AC-41B3-96DB-AE496CF0231A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-03-01] (Google Inc.)
Task: {457680D2-3A7A-40F6-8E4D-886B8A98FD6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2007-03-01] (Google Inc.)
Task: {52A5C21B-FDE2-4DAF-A1CC-7CA680B46452} - System32\Tasks\{983F34BE-9F84-4330-A5A5-93C779CAE5B4} => pcalua.exe -a C:\Garmin\MapInstall.exe -d C:\Garmin\
Task: {6BBF715D-3D69-4D44-8D5F-D777F5A16780} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1935842042-1800119050-1235597994-1000UA => C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-29] (Google Inc.)
Task: {8AA4517E-750E-436C-B123-49AFEBBA637D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1935842042-1800119050-1235597994-1000Core => C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-29] (Google Inc.)
Task: {95A49598-A6A5-432A-A2DF-227CE012EE15} - System32\Tasks\Norton Security Scan for Danielek => C:\Program Files\Norton Security Scan\Engine\3.7.6.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {B775E4B5-4947-419D-953F-8BCDD4E4FDCD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935842042-1800119050-1235597994-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BA4D178A-926B-46BD-BB9F-271B80F9DE66} - System32\Tasks\Test TimeTrigger => C:\Users\Danielek\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {E17F06C6-4C6C-4E97-972A-B4B5848D4769} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-03] (Adobe Systems Incorporated)
Task: {EE70EDF5-82FC-43FA-B9D1-E3103EFE428E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935842042-1800119050-1235597994-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935842042-1800119050-1235597994-1000Core.job => C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935842042-1800119050-1235597994-1000UA.job => C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Danielek.job => C:\PROGRA~1\NORTON~2\Engine\376~1.5\Nss.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-06 20:56 - 2005-08-07 22:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2013-03-06 12:47 - 2013-03-06 12:47 - 00968880 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
2013-05-14 02:30 - 2015-06-03 12:15 - 00013600 _____ () C:\Users\Danielek\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
2007-03-01 00:12 - 2015-05-22 13:22 - 01281864 _____ () C:\Users\Danielek\AppData\Local\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2007-03-01 00:12 - 2015-05-22 13:22 - 00080712 _____ () C:\Users\Danielek\AppData\Local\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danielek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: 24x7HELP => "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{171EEC41-A32C-412E-8868-74C0EFD4E974}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{1B3AB075-4559-45B6-AD77-689B65AFB4EF}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [TCP Query User{194D2643-FF8B-4ED4-9623-95CD36C1BFC2}C:\users\danielek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\danielek\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F9F8742-BB2E-403B-A603-57AF187E5715}C:\users\danielek\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\danielek\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2B767154-034C-45BC-BA05-204C7FE28198}C:\program files\motorola media link\lite\mml.exe] => (Allow) C:\program files\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{CE1BC83F-1D23-49E4-AF17-4241B0A63460}C:\program files\motorola media link\lite\mml.exe] => (Allow) C:\program files\motorola media link\lite\mml.exe
FirewallRules: [TCP Query User{22386547-7223-41F1-9C6A-C4536CF9E178}C:\users\danielek\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielek\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{342525AF-A396-4EF9-9F76-BFF9D89B934F}C:\users\danielek\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielek\appdata\roaming\spotify\spotify.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (06/03/2015 00:12:15 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (06/03/2015 11:54:31 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2015 11:54:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2015 11:47:12 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2015 11:47:09 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/01/2007 00:03:14 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (03/01/2007 00:03:14 AM) (Source: TPM) (EventID: 2) (User: )
Description: The TPM self test command failed.
 
Error: (03/01/2007 06:55:39 AM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (03/01/2007 06:55:23 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (03/01/2007 06:55:23 AM) (Source: TPM) (EventID: 2) (User: )
Description: The TPM self test command failed.
 
 
Microsoft Office:
=========================
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/01/2007 00:54:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 69%
Total physical RAM: 2045.99 MB
Available physical RAM: 621.55 MB
Total Pagefile: 4091.98 MB
Available Pagefile: 2265.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:7.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: F0E1F0E1)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First
Please remove these programs from your Programs and Features list: Start > Control Panel > Programs and Features. In the list, find the program listed below and uninstall it.
  • Driver Pro v3.0
  • iLivid
  • Searchqu Toolbar
  • Yontoo 2.04.1
If a program will not remove, skip it and keep following instructions, please.

Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
  • Navigate to your downloads folder --> C:\Users\Danielek\Downloads
  • In the downloads folder, find FRST (Farbar Recovery Scan Tool).
  • Right-click on it and choose Cut.
  • Go back to the desktop.
  • On an empty space, right-click and choose Paste.
  • Farbar will now have been successfully moved to the desktop.
No need to run another scan after doing that.

Missing log report called FRST.txt

When you first run Farbar Recovery Scan Tool (FRST), it creates 2 log reports (FRST.txt & Additions.txt). You posted Additions.txt only.

Please post the other log called FRST.txt and then we will be able to continue.

Thanks
Joe :)

#3
TDanielek


I tried to follow your instructions but I was only able to remove:  

  • Searchqu Toolbar
  • iLivid

However, when I attempted to remove:

  • Driver Pro v3.0
  • Yontoo 2.04.1

A dialogue box popped up stating (for Driver Pro v3.0):

 

  • File "C:\Program Files\Driver Pro\unins000.dat" does not exist. Cannot uninstall.

 

A dialogue box popped up stating (for Yontoo 2.04.1):

  • C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.dat

          Error 2 while loading archive: 

          The system cannot find the file specified 

 

 

In regards to moving the Farbar Recovery Scanner to the desktop, I have moved it to the desktop as requested.

 

Here is the missing report you need. Thanks for your help; I look forward to a speedy reply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by Danielek (administrator) on DANIELEK-PC on 03-06-2015 12:35:59
Running from C:\Users\Danielek\Downloads
Loaded Profiles: Danielek (Available Profiles: Danielek)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PCRx.com, LLC) C:\Program Files\24x7Help\App24x7Svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bandoo Media, inc) C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Yontoo LLC) C:\Users\Danielek\AppData\Roaming\Yontoo\YontooDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(OldTimer Tools) C:\Users\Danielek\Downloads\OTL.exe
(Google Inc.) C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1825720 2012-07-08] (Bandoo Media, inc)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1151152 2013-03-06] ()
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Run: [Google Update] => C:\Users\Danielek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-29] (Google Inc.)
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Run: [Yontoo Desktop] => C:\Users\Danielek\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-05] (Yontoo LLC)
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Run: [Driver Pro] => C:\Program Files\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\MountPoints2: {a04cb851-ee11-11e1-b74d-0090f55d5306} - E:\setup.exe -a
Startup: C:\Users\Danielek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-10-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> DefaultScope {A171DA25-1D47-422D-BBFA-4D9D8B79DD65} URL = http://search.condui...974068462760027
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...0000090f55d5306
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2013-03-0612:47:55&v=14.2.0.1&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {A171DA25-1D47-422D-BBFA-4D9D8B79DD65} URL = http://search.condui...974068462760027
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll [2013-03-06] ()
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll [2012-07-08] (Bandoo Media, inc)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2007-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll [2013-03-05] (Yontoo LLC)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll [2013-03-06] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2007-03-01] (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll [2013-03-06] ()
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll [2013-03-06] (AVG Technologies)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-01-28] (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-03-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2007-03-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2007-03-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1935842042-1800119050-1235597994-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2007-03-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1935842042-1800119050-1235597994-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Danielek\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2007-03-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1935842042-1800119050-1235597994-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danielek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1 [2013-03-06]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-06]
FF HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
Chrome: 
=======
CHR Profile: C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-03]
CHR Extension: (RealDownloader) - C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-11]
CHR Extension: (WhiteSmoke New) - C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Google Wallet) - C:\Users\Danielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Danielek\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-04]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1\avg.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [Not Found]
CHR HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Danielek\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-04]
StartMenuInternet: Google Chrome - C:\Users\Danielek\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 24x7HelpSvc; C:\Program Files\24x7Help\App24x7Svc.exe [342168 2012-11-30] (PCRx.com, LLC)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-03-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 Yontoo Desktop Updater; C:\Users\Danielek\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-05] (Yontoo LLC)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-03-06] (AVG Technologies)
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [7545088 2009-03-06] (NVIDIA Corporation) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 12:35 - 2015-06-03 12:36 - 00016550 _____ C:\Users\Danielek\Downloads\FRST.txt
2015-06-03 12:34 - 2015-06-03 12:34 - 00001118 _____ C:\Users\Danielek\Desktop\FRST - Shortcut.lnk
2015-06-03 12:32 - 2015-06-03 12:36 - 00000000 ____D C:\FRST
2015-06-03 12:32 - 2015-06-03 12:32 - 01147392 _____ (Farbar) C:\Users\Danielek\Downloads\FRST.exe
2015-06-03 12:12 - 2015-06-03 12:12 - 00051428 _____ C:\Users\Danielek\Downloads\Extras.Txt
2015-06-03 12:11 - 2015-06-03 12:11 - 01493524 _____ C:\Users\Danielek\Downloads\OTL.Txt
2015-06-03 11:58 - 2015-06-03 11:58 - 00602112 _____ (OldTimer Tools) C:\Users\Danielek\Downloads\OTL.exe
2015-06-03 11:54 - 2015-06-03 11:54 - 00000005 _____ C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 12:15 - 2013-03-06 12:46 - 00000000 ____D C:\Users\Danielek\AppData\Roaming\Yontoo
2015-06-03 12:07 - 2012-07-19 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-06-03 11:55 - 2012-08-27 13:22 - 00000000 ____D C:\Users\Danielek\AppData\Local\Motorola
2015-06-03 11:54 - 2012-08-27 13:21 - 00000000 ____D C:\ProgramData\Nero
2015-06-03 11:54 - 2011-09-26 20:56 - 00000000 ____D C:\Binaries
2015-06-03 11:51 - 2009-07-13 21:34 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 11:51 - 2009-07-13 21:34 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 11:49 - 2012-05-28 12:37 - 01451936 _____ C:\Windows\WindowsUpdate.log
2015-06-03 11:47 - 2012-07-28 22:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 11:47 - 2012-05-29 09:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-03 11:47 - 2012-05-29 09:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-04-16 12:09 - 2013-04-16 12:09 - 0000000 _____ () C:\ProgramData\2c283d3d2a3e3c23442337_c
 
Some files in TEMP:
====================
C:\Users\Danielek\AppData\Local\Temp\DNS.exe
C:\Users\Danielek\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Danielek\AppData\Local\Temp\installhelper.dll
C:\Users\Danielek\AppData\Local\Temp\lowproc.exe
C:\Users\Danielek\AppData\Local\Temp\MML_Installer-v1.5.2060.2_signed.exe
C:\Users\Danielek\AppData\Local\Temp\nsa237E.exe
C:\Users\Danielek\AppData\Local\Temp\nsaA365.exe
C:\Users\Danielek\AppData\Local\Temp\nsf820.exe
C:\Users\Danielek\AppData\Local\Temp\nsl979.exe
C:\Users\Danielek\AppData\Local\Temp\nszD492.exe
C:\Users\Danielek\AppData\Local\Temp\oi_{7E186A1A-15CC-4B9A-A0E4-712580C955D6}.exe
C:\Users\Danielek\AppData\Local\Temp\ose00000.exe
C:\Users\Danielek\AppData\Local\Temp\Runner.exe
C:\Users\Danielek\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Danielek\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Danielek\AppData\Local\Temp\SPStub.exe
C:\Users\Danielek\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Danielek\AppData\Local\Temp\stubhelper.dll
C:\Users\Danielek\AppData\Local\Temp\tbWhi0.dll
C:\Users\Danielek\AppData\Local\Temp\uninst1.exe
C:\Users\Danielek\AppData\Local\Temp\Updater.exe
C:\Users\Danielek\AppData\Local\Temp\UpdUninstall.exe
C:\Users\Danielek\AppData\Local\Temp\wajam_install.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-04-14 19:48
 

 

==================== End of log ============================

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello,

Give me a bit of time to look over the log and we can start some fixing.

Thanks
Joe :)

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
Task: {BA4D178A-926B-46BD-BB9F-271B80F9DE66} - System32\Tasks\Test TimeTrigger => C:\Users\Danielek\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
C:\Users\Danielek\AppData\Local\Temp\Runner.exe
FirewallRules: [{171EEC41-A32C-412E-8868-74C0EFD4E974}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{1B3AB075-4559-45B6-AD77-689B65AFB4EF}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
C:\Users\Danielek\AppData\Roaming\Yontoo
C:\Program Files\Searchqu Toolbar
C:\Program Files\Common Files\AVG Secure Search
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1825720 2012-07-08] (Bandoo Media, inc)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1151152 2013-03-06] ()
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Run: [Yontoo Desktop] => C:\Users\Danielek\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-05] (Yontoo LLC)
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\Run: [Driver Pro] => C:\Program Files\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
HKU\S-1-5-21-1935842042-1800119050-1235597994-1000\...\MountPoints2: {a04cb851-ee11-11e1-b74d-0090f55d5306} - E:\setup.exe -a
C:\Program Files\Driver Pro
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> DefaultScope {A171DA25-1D47-422D-BBFA-4D9D8B79DD65} URL = http://search.condui...974068462760027
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...0000090f55d5306
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2013-03-0612:47:55&v=14.2.0.1&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> {A171DA25-1D47-422D-BBFA-4D9D8B79DD65} URL = http://search.condui...974068462760027
SearchScopes: HKU\S-1-5-21-1935842042-1800119050-1235597994-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll [2013-03-06] ()
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll [2012-07-08] (Bandoo Media, inc)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll [2013-03-05] (Yontoo LLC)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll [2013-03-06] ()
C:\Program Files\Common Files\AVG Secure Search
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll [2013-03-06] (AVG Technologies)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1 [2013-03-06]
R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-03-06] ()
R2 Yontoo Desktop Updater; C:\Users\Danielek\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-05] (Yontoo LLC)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
 
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • Fixlog.txt found on desktop after fix has run.
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.