Solved I received a request from Microsoft to allow info. gathering

January 20, 2015 at 09:33:35
Specs: Windows 7
False? Request for problems from Microsoft. Soon after downloading a song to see if I liked it, a request for information opened saying a problem was detected. Thinking it was from Microsoft (I've received them over the years), I allowed it. After some time downloading (collecting data), I was informed they could not help fix the problem, try again later. Didn't have any problems that I noticed beforehand. Anyone have any experience or help with an answer? Or maybe I'm just paranoid! Any help would be received with thanks! Do you think this could be malware, and how do I find out (running Trend Micro software)?

message edited by randoh




✔ Best Answer
January 20, 2015 at 20:22:53
Nearly done buddy, just waiting on the Delfix log.

Give me 15 mins & I will think about Trend AV.

Run Disk Cleanup
http://windows.microsoft.com/en-au/...

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#1
January 20, 2015 at 11:32:20
Start the ball rolling with these two:
http://filehippo.com/download_malwa...
(green button top right)
Before running it go to "Settings > Detection and protection" and put a check mark in "Scan for rootkits".

http://www.bleepingcomputer.com/dow...
(blue download button near top). "Save" the download file rather than running it online. Double click the saved file to run the scan.

If either of them finds anything please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks

message edited by Derek



#2
January 20, 2015 at 13:53:30
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/20/2015
Scan Time: 4:24:23 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.20.11
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327475
Time Elapsed: 17 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 28

Registry Values: 6

Registry Data: 13

Folders: 14

Files: 27

Physical Sectors: 0
(No malicious items detected)


(end)

Derek: Just ran Malwarebytes; this is what it found. If I quarantine these objects, will my programs still function? Sorry I took so long, had an appointment.



#3
January 20, 2015 at 14:21:13
"(end) derek; Just ran Malwarebytes this is what it found. If I quarantine these objects will my programs still function"
Yes, quarantine them.

We are on the right track. After you run the AdwCleaner scan, click Clean.

We will then need to run more programs.

message edited by Johnw



#4
January 20, 2015 at 15:07:45
Here it is!

# AdwCleaner v4.108 - Report created 20/01/2015 at 18:02:20
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-HP
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [12384 octets] - [20/01/2015 18:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12445 octets] ##########



#5
January 20, 2015 at 15:13:29
Can we have the Malwarebytes log after you quarantine, please, randoh?

You have installed the Premium version, which is very good & can be run in conjunction with your current Anti-Virus ( AV ). If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on the ‘End Free Trial’ link, and it will then be instantly converted to the free version.



#6
January 20, 2015 at 15:16:43
"Here it is!# AdwCleaner v4.108 - Report created 20/01/2015 at 18:02:20"
Also the log after you hit Clean.


#7
January 20, 2015 at 15:28:04
Done, free ver. 2015.01.20.12. I only deleted 8 malicious files. Was afraid to do all. One time exception for the rest. Should I run it again and quarantine the rest?

message edited by randoh



#8
January 20, 2015 at 15:32:21
" Should I run it again and quarantine the rest"
Yes please, but only what it says to quarantine.

message edited by Johnw



#9
January 20, 2015 at 16:11:22
I finished running, and quarantined 80 pieces. Sorry it took so long. Should I run AdwCleaner again, now that those items are quarantined?


#10
January 20, 2015 at 16:15:48
I think we can easily go around in circles, I shall move to the next steps for now.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#11
January 20, 2015 at 16:39:10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paul on Tue 01/20/2015 at 19:30:15.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT1269415
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1269415
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BabylonTC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BabylonTC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Babylon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Babylon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_soulseek_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_soulseek_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\BabylonTC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\BabylonTC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_soulseek_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_soulseek_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6118BEF3-B5F9-4B5E-A010-D4CB974A54AF}

~~~ Files

Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Paul\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{26D1B463-A7E9-49E4-B043-FFBE2398094F}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{2FA5BC21-9550-412D-91CC-BA403828D1E1}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{35BFCF2E-FB6D-4B0D-8EDF-571BF16347FC}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{3ABA8A6B-2897-4E8C-8039-F199D9CF223C}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{6FF02D34-8B17-46FE-BDF3-E8EC29E6A534}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{713CD145-912A-4128-A14C-74E059A7C035}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{71B3158A-F651-450E-B144-EAB4E606C97A}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{8BE6FAF2-9E52-437B-9F74-052A088A8141}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{9F11F547-3D62-495F-8919-E1341D3970BA}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/20/2015 at 19:33:07.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the log you asked for. It might be a fluke, but my browser seems much faster. Could it be?



#12
January 20, 2015 at 16:41:24
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


#13
January 20, 2015 at 16:44:54
"It might be a fluke, but my browser seems much faster. Could it be?"
Yes, without doubt & we haven't finished yet.




#14
January 20, 2015 at 17:07:26
RogueKiller report~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paul on Tue 01/20/2015 at 19:30:15.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the report you asked for.



#15
January 20, 2015 at 17:08:31
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


#16
January 20, 2015 at 17:12:16
"This is the report you asked for"
Wrong log, you have given me the Junk log again.


#17
January 20, 2015 at 17:18:50
I realized the mistake. Looking for report. Cannot find it, any ideas where it could be? Not on desktop!


#18
January 20, 2015 at 17:21:33
My instructions say > Click on "Report" and Copy & Paste the content of the Notepad into your next reply.

Let me know if it is no longer called Report, maybe it's called RK.

message edited by Johnw



#19
January 20, 2015 at 17:24:28
Did you run it on the Desktop as per instructions? If not, it will be from where you ran it.


#20
January 20, 2015 at 17:39:53
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Administrator]
Mode : Delete -- Date : 01/20/2015 20:36:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3276GSX +++++
--- User ---
[MBR] 3699ca85503a6bd6cbe5d52137d9e51b
[BSP] 167f786979dbbf3206710b60c66203c9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 285325 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 584755200 | Size: 15656 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01202015_200243.log - RKreport_SCN_01202015_203621.log

Sorry, lost the report, this is what I have.



#21
January 20, 2015 at 17:52:41
I get the feeling you missed post #15


#22
January 20, 2015 at 17:54:51
I am not young, I screw up! Everything moves too fast anymore. Trouble keeping up. I hope you understand what I am saying. If it were not for people like you I would be really lost. Thank you for being there!


#23
January 20, 2015 at 17:57:09
" I hope you understand what I am saying"
100%


#24
January 20, 2015 at 18:01:55
I believe you're right. I don't remember seeing it.


#25
January 20, 2015 at 18:15:48
zippysharehttp:http://www27.zippyshare.com/v/PJAEhFGk/file.html//www27.zippyshare.com/v/PJAEhFGk/file.html I hope this was done properly.


#26
January 20, 2015 at 18:22:32
Nice try, you sent the Addition log twice.

Here is how a link should look, try it yourself.
http://www27.zippyshare.com/v/PJAEh...

Just need the FRST log now.



#27
January 20, 2015 at 18:22:35
zippysharehttp:http://www27.zippyshare.com/v/PJAEhFGk/file.html//www27.zippyshare.com/v/PJAEhFGk/file.html This is both hopefully!
http://www27.zippyshare.com/v/SrJmAJpB/file.html
http://www27.zippyshare.com/v/TKHQy...

message edited by randoh



#28
January 20, 2015 at 18:24:58
Got it.
http://www27.zippyshare.com/v/SrJmA...

How are you going time wise?
I'm here.
http://www.timeanddate.com/worldclo...



#29
January 20, 2015 at 18:35:46
The great down under. It's 9:30 PM Tuesday EST. SW. PA. 50 Miles SE. of Pittsburgh. Man, if I could go somewhere I would love to see your country. Not kidding at all. Have you been up all night?

message edited by randoh



#30
January 20, 2015 at 18:40:29
No, I'm an early riser, got up about 5.30am today, Wednesday.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 - (No Name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={search...
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={s...
SearchScopes: HKLM -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM-x32 -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
Toolbar: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
C:\Users\Paul\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Paul\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\sqlite3.dll
C:\Users\Paul\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Paul\AppData\Local\Temp\_is3ACC.exe
C:\Users\Paul\AppData\Local\Temp\_isD039.exe
C:\Users\Paul\AppData\Local\Temp\~tmp1418425295410.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#31
January 20, 2015 at 19:25:29
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Paul at 2015-01-20 21:54:04 Run:1
Running from C:\Users\Paul\Documents\Fix
Loaded Profiles: Paul (Available profiles: Paul)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 - (No Name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={search...
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={s...
SearchScopes: HKLM -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM-x32 -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {C90F9629-5CAB-4F87-9D00-2FB81D018944} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Specia...
SearchScopes: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-3...
Toolbar: HKU\S-1-5-21-1945250335-4174644849-3491937529-1000 -> No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
C:\Users\Paul\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Paul\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\sqlite3.dll
C:\Users\Paul\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Paul\AppData\Local\Temp\_is3ACC.exe
C:\Users\Paul\AppData\Local\Temp\_isD039.exe
C:\Users\Paul\AppData\Local\Temp\~tmp1418425295410.exe
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ad708c09-d51b-45b3-9d28-4eba2681febf} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C90F9629-5CAB-4F87-9D00-2FB81D018944}" => Key deleted successfully.
HKCR\CLSID\{C90F9629-5CAB-4F87-9D00-2FB81D018944} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C90F9629-5CAB-4F87-9D00-2FB81D018944}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C90F9629-5CAB-4F87-9D00-2FB81D018944} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C90F9629-5CAB-4F87-9D00-2FB81D018944}" => Key deleted successfully.
HKCR\CLSID\{C90F9629-5CAB-4F87-9D00-2FB81D018944} => Key not found.
"HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
"HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-1945250335-4174644849-3491937529-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} => value deleted successfully.
HKCR\CLSID\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Key deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
Amsp => Service deleted successfully.
clwvd => Service deleted successfully.
C:\Users\Paul\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\_is3ACC.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\_isD039.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\~tmp1418425295410.exe => Moved successfully.
Run FRST/FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. => Error: No automatic fix found for this entry.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply. => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 816 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:54:17 ====

Lost my Trend Micro folder empty


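The Fixlog pasted in the post above uses a `target => result` line format, so its outcomes can be tallied and the lines worth a second look pulled out. This Python script is an added example, not part of the thread and not FRST's own code; the sample lines are copied from that log, while the outcome labels and function names are assumptions made here.

```python
from collections import Counter

# Lines copied from the Fixlog in the post above (a subset, not the full log).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
Amsp => Service deleted successfully.
clwvd => Service deleted successfully.
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe => Moved successfully.
Run FRST/FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 816 MB temporary data.
"""

def classify(result):
    # Map a result string to an outcome label (the labels are this example's own).
    r = result.lower()
    if r.startswith("error:"):
        return "error"
    for needle, label in (("not found", "not_found"), ("restored successfully", "restored"),
                          ("moved successfully", "moved"), ("deleted successfully", "deleted")):
        if needle in r:
            return label
    return "removed" if r.startswith("removed") else "info"

def parse_fixlog(text):
    # Return (target, outcome, result) for every non-blank, non-banner line.
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "*=":
            continue
        target, sep, result = line.rpartition(" => ")
        if not sep:  # no "=>": either "<path> not found." or plain status text
            hit = line.endswith(" not found.")
            target, result = (line.removesuffix(" not found."), "not found.") if hit else ("", line)
        entries.append((target.strip('"'), classify(result), result))
    return entries

def summarize(entries):
    return Counter(outcome for _, outcome, _ in entries)

def needs_review(entries):
    # Entries to read by hand: lines FRST could not act on, and removed services.
    return [(t, o) for t, o, r in entries
            if o == "error" or (o == "deleted" and r.lower().startswith("service"))]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)), needs_review(parsed))
```

Removed services are listed so they can be checked against the software the user still expects to work, and the error entry is one of the instruction sentences that ended up in the fix list.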

#32
January 20, 2015 at 19:31:05
Open Malwarebytes, Update & then scan again. Quarantine all it finds & so you don't have to go hunting for the log, Copy & Paste that info before you close Malwarebytes.


#33
January 20, 2015 at 19:54:58
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/20/2015
Scan Time: 10:34:54 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326111
Time Elapsed: 17 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

It found nothing!



#34
January 20, 2015 at 19:56:14
Ok, you are clean now.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on the computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
Make sure that these are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)



#35
January 20, 2015 at 20:09:30
Well mate, are we done? Should I just download a new Trend Micro?
I guess we are done. Thanks much for helping and being so understanding; again, thanks for helping an old timer. Best wishes, randoh

message edited by randoh



#36
January 20, 2015 at 20:22:53
✔ Best Answer
Nearly done buddy, just waiting on the Delfix log.

Give me 15 mins & I will think about Trend AV.

Run Disk Cleanup
http://windows.microsoft.com/en-au/...

As you can see from your logs, you had a lot of stuff installed, and you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & others during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars (same applies to Softonic & Brothersoft)
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com; down the bottom of the page, they make you aware of what ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect; the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#37
January 20, 2015 at 20:30:11
# DelFix v10.8 - Logfile created 20/01/2015 at 23:03:58
# Updated 29/07/2014 by Xplode
# Username : Paul - PAUL-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Paul\Desktop\Addition.txt
Deleted : C:\Users\Paul\Desktop\AdwCleaner.lnk
Deleted : C:\Users\Paul\Desktop\FRST.txt
Deleted : C:\Users\Paul\Desktop\FRST64.exe
Deleted : C:\Users\Paul\Desktop\JRT.exe
Deleted : C:\Users\Paul\Desktop\RogueKiller.exe
Deleted : C:\Users\Paul\Downloads\AdwCleaner.exe
Deleted : C:\Users\Paul\Downloads\FRST64.exe
Deleted : C:\Users\Paul\Downloads\JRT.exe
Deleted : C:\Users\Paul\Downloads\RogueKiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #308 [Windows Update | 12/09/2014 23:47:58]
Deleted : RP #309 [My 12/11/14 2:30 PM | 12/11/2014 19:30:43]
Deleted : RP #310 [Windows Update | 12/12/2014 22:47:00]
Deleted : RP #311 [Windows Update | 12/13/2014 21:12:01]
Deleted : RP #312 [Windows Update | 12/18/2014 03:40:32]
Deleted : RP #313 [Made by Regsofts | 12/19/2014 23:25:09]
Deleted : RP #314 [Windows Backup | 12/20/2014 04:41:43]
Deleted : RP #315 [My 12/22/14 | 12/23/2014 01:33:41]
Deleted : RP #316 [my | 12/25/2014 00:50:55]
Deleted : RP #317 [mine | 12/27/2014 04:32:50]
Deleted : RP #318 [Made by Regsofts | 12/27/2014 04:37:23]
Deleted : RP #319 [Installed HP Support Solutions Framework | 12/30/2014 23:27:41]
Deleted : RP #320 [Installed HP Support Assistant | 12/30/2014 23:39:27]
Deleted : RP #321 [Windows Modules Installer | 12/30/2014 23:41:25]
Deleted : RP #322 [Windows Modules Installer | 12/30/2014 23:42:07]
Deleted : RP #323 [Made by Regsofts | 01/04/2015 23:10:21]
Deleted : RP #324 [mine | 01/10/2015 18:58:38]
Deleted : RP #325 [Windows Update | 01/14/2015 02:49:11]
Deleted : RP #326 [my | 01/14/2015 03:02:05]
Deleted : RP #327 [Windows Update | 01/14/2015 03:05:11]
Deleted : RP #328 [Made by Regsofts | 01/18/2015 22:49:08]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
Here it is!



#38
January 20, 2015 at 20:40:33
"New restore point created !"
Very good, you now have nothing lurking in System Restore.

Just wanted to go through your logs randoh.
Is Trend expired or due for renewal?
Have you been happy with Trend?

No AV would have prevented what happened to you; it was USER error.

message edited by Johnw



#39
January 20, 2015 at 20:56:08
Johnw, I am sure there were a lot of user errors; I did not realize how bad it was. I tried to reinstall Trend Micro but it says it is already installed, to delete it and try again. Tried to uninstall it and got a report that it is running. It is not in the toolbar & the folder is empty. I like Trend because it comes free with my internet service. May just call the internet provider and have customer service walk me through a reinstall.


#40
January 20, 2015 at 21:05:28
"May just call the internet provider and have customer service walk me through a reinstall"

Yep, it can be tricky. Stick with Trend. Post back if you get stuck, or use Google. I google everything; I'm not so good that I know the trillions of error combinations out there.

So goodbye for now, that was fun.



#41
January 20, 2015 at 21:12:35
Thanks again! You went above & beyond anything I ever expected. About $500 worth of work! Hope we run into each other again. It's been a pleasure. bye JohnW


#42
January 20, 2015 at 21:16:39
"It's been a pleasure"
And you passed with flying colors.


#43
January 21, 2015 at 04:10:12
Good to see a positive result and well worth going the extra few miles.

Always pop back and let us know the outcome - thanks



#44
January 21, 2015 at 12:11:10
Derek, thank you so much. Johnw was unbelievable, also very forgiving of my lack of computing knowledge. What a great resource! Again, thanks.
P.S. I got my Trend Micro reinstalled within ten minutes (by myself ha! ha!) after we finished.
