Page 1 of 5 123 ... LastLast
Results 1 to 10 of 49
  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default Detected threats

    Hi there,
    After some help.
    I am running windows 7 with kaspersky internet security 2014 installed.
    I did a scan before with kaspersky and it detected threats. Kaspersky deleted and disinfected them. I ran a scan straight after and my PC said it was protected.
    I ran Malware bytes, spyware, and hi jack.
    Malware bytes detected 14 threats. Spyware dected 23 and quarantined and removed them
    I have attrached the files if som eone could look at them for me.
    Thank you. Most grateful.
    Kerry.

    UPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/16/2014 at 07:41 PM

    Application Version : 5.7.1018

    Core Rules Database Version : 10981
    Trace Rules Database Version: 8793

    Scan type : Quick Scan
    Total Scan Time : 00:40:19

    Operating System Information
    Windows 7 Home Basic 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 533
    Memory threats detected : 0
    Registry items scanned : 29876
    Registry threats detected : 0
    File items scanned : 7056
    File threats detected : 32

    Adware.Tracking Cookie
    accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dmtracker.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .2o7.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    statse.webtrendslive.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c1.atdmt.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    solutions.tradedoubler.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .2o7.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adform.net [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]



    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.01.16.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16476
    admin :: ADMIN-PC [administrator]

    16/01/2014 20:06:52
    mbam-log-2014-01-16 (20-06-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194508
    Time elapsed: 14 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> No action taken.
    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> No action taken.
    HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> No action taken.

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> No action taken.

    Folders Detected: 2
    C:\Users\admin\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
    C:\Users\admin\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.

    Files Detected: 3
    C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> No action taken.
    C:\Users\admin\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
    C:\Users\admin\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.

    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 20:56:46, on 16/01/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SOUNDMAN.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\admin\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
    O23 - Service: Update Jump Flip - Unknown owner - C:\Program Files\Jump Flip\updateJumpFlip.exe (file missing)

    --
    End of file - 6284 bytes

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Kerry,

    We need you to rescan with MBAM and remove the entries found.
    • Right click on the program icon and choose Run as Administrator to open the program.
    • Click on the Update tab then click on the Check for updates button.
    • Once the program has updated, click on the Scanner tab and select Perform a quick scan.
    • Click the Scan button.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Next:

    Please download Junkware Removal Tool to your desktop.

    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Next:


    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    In your next reply, please post the following logs:
    MBAM.txt
    JRT.txt
    AdwCleaner[R0].txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi Donna,
    Thanks for helping me.
    Here are the 3 logs as requested.

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.01.16.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16476
    admin :: ADMIN-PC [administrator]

    17/01/2014 08:14:28
    mbam-log-2014-01-17 (08-14-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195075
    Time elapsed: 31 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\admin\AppData\Local\Temp\is1590112554\2617229_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    C:\Users\admin\Local Settings\Temporary Internet Files\Content.IE5\7ZU0QWJJ\Setup[1].exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.

    (end)



    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Basic x86
    Ran by admin on 17/01/2014 at 10:48:58.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\admin\appdata\local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/01/2014 at 11:10:36.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    # AdwCleaner v3.017 - Report created 17/01/2014 at 11:36:41
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)
    # Username : admin - ADMIN-PC
    # Running from : C:\Users\admin\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Windows\System32\Tasks\UpdaterEX
    File Found : C:\Windows\Tasks\UpdaterEX.job
    Folder Found C:\Program Files\Mobogenie
    Folder Found C:\Users\admin\AppData\Local\eSupport.com
    Folder Found C:\Users\admin\AppData\Local\genienext
    Folder Found C:\Users\admin\AppData\Local\Mobogenie
    Folder Found C:\Users\admin\AppData\Roaming\UpdaterEX
    Folder Found C:\Users\admin\Documents\Mobogenie

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\UpdaterEX
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\UpdaterEX
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{264F488A-665D-4127-8EE3-B436451FFB9E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage

    *************************

    AdwCleaner[R0].txt - [1819 octets] - [17/01/2014 11:24:06]
    AdwCleaner[R1].txt - [1739 octets] - [17/01/2014 11:36:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1799 octets] ##########





    Thanks alot
    Kerry

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    You're welcome Kerry!

    MBAM and JRT looks good! Now let's remove what AdwCleaner found....

    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      <-insert any special instructions here for what to uncheck OR remove this line if there are none->
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Next:

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    In your next reply, please provide the following logs:

    AdwCleaner[S0].txt
    OTL.txt
    Extras.tx


    Also, let me know how the system is functioning now.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi Donna.
    Having a few problems with posting the 3 logs.
    Bear with me.
    http://haker.nie-spamuj.eu/
    Thanks Kerry
    Last edited by PartieHonteuse; 08-10-2014 at 11:51 AM.

  6. #6
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi Donna,
    For some reason.
    Will not let me post all 3 logs.
    I will have to see if it will let me send one at a time.
    Sorry about this.
    Thanks Kerry.
    # AdwCleaner v3.017 - Report created 17/01/2014 at 13:28:53
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)
    # Username : admin - ADMIN-PC
    # Running from : C:\Users\admin\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Mobogenie
    Folder Deleted : C:\Users\admin\AppData\Local\eSupport.com
    Folder Deleted : C:\Users\admin\AppData\Local\genienext
    Folder Deleted : C:\Users\admin\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\admin\AppData\Roaming\UpdaterEX
    Folder Deleted : C:\Users\admin\Documents\Mobogenie
    File Deleted : C:\Windows\Tasks\UpdaterEX.job
    File Deleted : C:\Windows\System32\Tasks\UpdaterEX

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{264F488A-665D-4127-8EE3-B436451FFB9E}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{264F488A-665D-4127-8EE3-B436451FFB9E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKCU\Software\UpdaterEX

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [1819 octets] - [17/01/2014 11:24:06]
    AdwCleaner[R1].txt - [1879 octets] - [17/01/2014 11:36:41]
    AdwCleaner[R2].txt - [1939 octets] - [17/01/2014 13:27:07]
    AdwCleaner[S0].txt - [1943 octets] - [17/01/2014 13:28:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2003 octets] ##########

  7. #7
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi Doona.
    It will not let me send the other 2 log files for OTL.
    When I load them on the page and try to post them I get a message come up saying
    Confirm navigation
    changes made in the editor will be lost
    are you sure that you want to leave this page
    leave this page
    or
    stay on this page

    I click on stay on this page and nothing happens

    It let me send the first log for ADW Cleaner.
    I am so confused
    Thanks Kerry

  8. #8
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi again
    I keep trying different ways.
    It just won't let me.

    Thought it was uploading, it took a long while as the atnbol was just going tound, then the page went blank. Nothing has been added to the popst for the 2 logs.
    What shall I do about the 2 log files.
    Thamnks Kerry.

  9. #9
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    OTL Extras logfile created on: 1/17/2014 1:37:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
    Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16476)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.47 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 60.32% Memory free
    2.94 Gb Paging File | 2.02 Gb Available in Paging File | 68.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 37.30 Gb Total Space | 13.05 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1317317739-3364519379-3153028911-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10A9D831-27B2-4389-882D-BAC5CDBDBBCA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{21948B4A-87B8-419C-AA27-036481FC3C5E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
    "{4058D3C3-EDB6-4FAE-AAE0-C0DB8B0DACED}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
    "{516CD727-6A7A-44A5-83A2-27195A57A68B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C5684E3A-3D23-42C9-B389-5DF530EF9F97}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{34661366-F18A-47D0-92CE-F11FEC4139B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4F10D1BB-D9AC-4663-BD08-8DB76F590A31}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{564F08A7-7D74-4FA2-BD11-DA0424D8FBB8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{634128C0-C53B-4829-A7CE-F7832148CF3F}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{71C2E126-2C60-45A6-A3F1-1707249066E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{74F07D99-CEC2-47D9-88A9-C1DA76105077}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B277C9CB-32E5-4ACD-A4DC-9B3A5AFEA5F0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{D9710A93-8BC5-438B-A9BD-A8EFE48112CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{DB84DF05-A24F-4D9D-AC8F-F010EC5615D6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
    "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
    "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
    "{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
    "{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
    "{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
    "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
    "{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
    "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
    "{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "CCleaner" = CCleaner
    "C-Media PCI Audio Driver" = C-Media PCI Audio Device
    "Free CD to MP3 Converter" = Free CD to MP3 Converter
    "Google Chrome" = Google Chrome
    "InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
    "Lexmark 730 Series" = Lexmark 730 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 1/17/2014 7:13:50 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 1/17/2014 7:13:50 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxcf_device
    service to connect.

    Error - 1/17/2014 7:13:50 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 1/17/2014 9:23:17 AM | Computer Name = admin-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 1/17/2014 9:29:44 AM | Computer Name = admin-PC | Source = DCOM | ID = 10005
    Description =

    Error - 1/17/2014 9:29:44 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxcf_device
    service to connect.

    Error - 1/17/2014 9:29:44 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 1/17/2014 9:29:45 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxcf_device
    service to connect.

    Error - 1/17/2014 9:29:45 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 1/17/2014 9:32:06 AM | Computer Name = admin-PC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >

  10. #10
    Member
    Join Date
    Jul 2009
    Posts
    153
    Points
    1

    Default

    Hi Donna,
    Trying to send the other one, duplicated the OTL extra somehow. Not sure how that happened.
    Sorry.
    Thanks Kerry.

Page 1 of 5 123 ... LastLast