  1. #1
    Member KoKo's Avatar
    Join Date
    Dec 2005
    Location
    Cardiff, Wales
    Posts
    46
    Points
    0

    log files for checking please

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/15/2015 at 05:20 AM

    Application Version : 6.0.1194
    Database Version : 11874

    Scan type : Complete Scan
    Total Scan Time : 00:23:41

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Administrator

    Memory items scanned : 505
    Memory threats detected : 0
    Registry items scanned : 61165
    Registry threats detected : 0
    File items scanned : 26326
    File threats detected : 74

    Adware.Tracking Cookie

    Adware.InstallCore/Variant
    C:\PROGRAM FILES (X86)\FOXTABMUSICCONVERTER\AUDIOCONVERTER.EXE

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 15/05/2015
    Scan Time: 07:33:07
    Logfile: malware scan.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.14.05
    Rootkit Database: v2015.05.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: PETER

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 357418
    Time Elapsed: 24 min, 22 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 18

    Registry Values: 16

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.ConsumerInput.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc, Quarantined, [b4d9e4afc3c73df9cca87d4d758ebd43],
    PUP.Optional.ConsumerInput.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3189_0, Quarantined, [b4d9e4afc3c73df9cca87d4d758ebd43],
    PUP.Optional.ConsumerInput.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3189_0\_metadata, Quarantined, [b4d9e4afc3c73df9cca87d4d758ebd43],

    Files: 3
    PUP.Optional.ConsumerInput.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3189_0\_metadata\computed_hashes.json, Quarantined, [b4d9e4afc3c73df9cca87d4d758ebd43],
    PUP.Optional.ConsumerInput.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3189_0\_metadata\verified_contents.json, Quarantined, [b4d9e4afc3c73df9cca87d4d758ebd43],
    PUP.Optional.ASK.A, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?gct=hp",), Replaced,[eda0b6dd8efc37ff659d5707f3133dc3]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:50:23, on 15/05/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.18835)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\PETER\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Internet Explorer ETW Collector Service (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10567 bytes


    Thank you so much

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello,

    What issues are you experiencing, or is this just a check up?


    Download Farbar Recovery Scan Tool (64 bit)
    and save it to a folder on your computer's Desktop.
    Right click it and "Run Administrator". When the tool opens, click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please also paste it to your reply.

  3. #3
    KoKo

    This was just a check up zep. I found the Doctor thingy and submitted the log files there. After the reinstall by Microsoft I wanted to check that all was tickety boo with the laptop. All this because Windows Installer disappeared!!

    Do you think it is necessary that we download yet another scan tool?

    Thanks for your response - much appreciated.

  4. #4
    zep516

    If all is running without issue and you reinstalled then it's probably not necessary.

    Joe

  5. #5
    KoKo

    Thank you so much.

  6. #6
    zep516

    You're welcome!

    Thanks for stopping in today.

    Joe