Windows Updates hangs on 25% CPU

May 26, 2016 at 11:43:56
Specs: Windows 7
Either Windows Modules Installer (=Trusted Installer) or svchost.exe locks on 25% CPU, preventing updates from installing. The same thing occurs when I try to run manually downloaded updates with Windows Updates Downloader.

Does it sound like a virus? sfc /scannow shows some corrupted files which it cannot repair.



#1
May 26, 2016 at 12:50:48
Not the usual symptom of a virus. Best start would be to check the hard disk to make sure it is not about to fail, or has errors that need fixing:
https://support.microsoft.com/en-us...

If it finds anything run scannow again.

If you want a quick check for a virus run these three freebies in the order given:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "download" button rather than the "buy" button).
Install and Run the program but before running the Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks



#2
May 26, 2016 at 12:59:17
See my post here & see if the fix helps: http://www.computing.net/answers/wi...


#3
May 26, 2016 at 15:49:25
So you've got a 4 core CPU, huh?

You can try resetting Windows Update; instructions are here: https://support.microsoft.com/en-us...

Other than that, you'll have to wait it out. Windows 7 SP1 has been going on for many more years than originally intended. You see, the plan was to have Microsoft release multiple Win7 service packs every year or two apart. That never happened, so every time your PC goes to update it has to sort through 7 years of updates.

How To Ask Questions The Smart Way



#4
May 27, 2016 at 15:23:41
"sfc /scannow shows some corrupted files which it cannot repair"
Run chkdsk.

How to Run Disk Check in Windows 7
http://www.sevenforums.com/tutorial...
http://www.brazil-help.com/chkdsk.htm
http://www.wikihow.com/Run-a-Chkdsk...



#5
May 27, 2016 at 15:30:07
Re #4

Same meat (slightly different gravy maybe) as first part of #1 I think.

Always pop back and let us know the outcome - thanks



#6
May 30, 2016 at 11:24:06

Thank you for your responses!

Details:

Re #1 Derek. I ran CHKDSK as you suggested, it found 0 errors and therefore 0 repairs.
I had done Malwarebytes, it found 94 entries, all quarantined, but the problem persisted.
I do not know how to paste a log so you can read it, so here follows the non-normal parts
of an sfc /scannow log

2016-05-21 23:28:57, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2016-05-21 23:28:58, Info CSI 00000262 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:28:58, Info CSI 00000264 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:28:59, Info CSI 00000266 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:28:59, Info CSI 00000267 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:28:59, Info CSI 0000026a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2016-05-21 23:29:00, Info CSI 00000278 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:29:00, Info CSI 00000279 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:29:00, Info CSI 0000027c [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
2016-05-21 23:29:00, Info CSI 0000027e [SR] Verify complete
2016-05-21 23:29:00, Info CSI 0000027f [SR] Verifying 100 (0x0000000000000064) components
2016-05-21 23:29:00, Info CSI 00000280 [SR] Beginning Verify and Repair transaction
2016-05-21 23:29:03, Info CSI 00000282 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:29:06, Info CSI 00000284 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:29:08, Info CSI 00000286 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:29:08, Info CSI 00000287 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:29:08, Info CSI 0000028a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
2016-05-21 23:29:08, Info CSI 0000028c [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:29:08, Info CSI 0000028d [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:29:08, Info CSI 00000290 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted


2016-05-21 23:31:01, Info CSI 00000321 [SR] Beginning Verify and Repair transaction
2016-05-21 23:31:01, Info CSI 00000323 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 00000325 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 00000327 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 00000329 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 0000032b [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 0000032c [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:31:01, Info CSI 0000032f [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
2016-05-21 23:31:01, Info CSI 00000331 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 00000332 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:31:01, Info CSI 00000335 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2016-05-21 23:31:01, Info CSI 00000337 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:01, Info CSI 00000338 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:31:02, Info CSI 0000033b [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
2016-05-21 23:31:02, Info CSI 0000033d [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-21 23:31:02, Info CSI 0000033e [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-05-21 23:31:02, Info CSI 00000341 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted
2016-05-21 23:31:02, Info CSI 00000343 [SR] Repair complete
2016-05-21 23:31:02, Info CSI 00000344 [SR] Committing transaction
2016-05-21 23:31:02, Info CSI 00000348 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


Re #2 Riider. I had done just that, also KB3083710. It helped a couple of times only. Nothing
permanent.

Re #3 Razor2.3. You mean the Fixit, had tried several times.
What an excellent piece of information you offer! New to me. Now I understand why Windows Updates Downloader (WUD) provides a list so long, apparently consisting of all the updates issued since the birth of Win7, without regard to (as in Windows Update) the ones I already have.
However, I cannot install updates from it.

Re #4 Johnw. Derek is right in #5, but thank you anyway.

My conclusion so far: The problem is to INSTALL the updates even when a Search succeeds,
which it does with WUD (Run as Administrator!) but not with Windows Update/Search.
Something in connection with WU triggers TrustedInstaller.exe to increase to 25% CPU, then be replaced by a svchost.exe comprising Windows Update service among others, and park on 25% CPU; of course making the PC slower.
I have found that Microsoft Download Center will both download and install, with the service Windows Modules Installer in Manual, but you have to know the KB-number as input. And that must be taken from the WUD-list, although unhappily this does not give a description of the updates for you to choose from. A cumbersome way, maybe I shall inactivate Windows Update and Windows Modules Installer for most of the time.


Report •
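
Added example, not part of the original thread: a small Python parser for the `[SR]` lines of the kind quoted in post #6. It groups repeated "Cannot repair member file" entries by file and flags the files whose component-store copy is also corrupted, which sfc cannot repair from the local store. The function names are hypothetical, and the sample log is constructed and shortened from the shape of the lines in the post; `example.dll` and `Example-Component` are made up.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the shape of the [SR] lines in the post.
# The example.dll entry is invented to show a failure with no store corruption.
SAMPLE_LOG = r"""
2016-05-21 23:28:57, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2016-05-21 23:28:58, Info CSI 00000262 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2016-05-21 23:28:58, Info CSI 00000264 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2016-05-21 23:28:59, Info CSI 00000266 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2016-05-21 23:28:59, Info CSI 0000026a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2016-05-21 23:29:00, Info CSI 0000027c [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
2016-05-21 23:29:01, Info CSI 0000027d [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 1.0.0.0, hash mismatch
2016-05-21 23:31:02, Info CSI 00000348 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
"""

CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+)(?:,.*)?, (?P<reason>[^,]+)$'
)
REPROJECT = re.compile(
    r'\[SR\] Could not reproject corrupted file \[ml:\d+\{\d+\},l:\d+\{\d+\}\]'
    r'"(?P<dir>[^"]+)"\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)"; (?P<why>.+)$'
)
STORE_CORRUPT = "source file in store is also corrupted"


def parse_sr_log(text):
    """Return (per-file summary dict, whether the log claims a successful repair)."""
    files = defaultdict(lambda: {
        "component": None, "version": None, "reasons": set(),
        "failures": 0, "paths": set(), "store_corrupt": False,
    })
    claims_success = False
    for raw in text.splitlines():
        line = raw.strip()
        if "[SR]" not in line:
            continue
        m = CANNOT_REPAIR.search(line)
        if m:
            rec = files[m["file"].lower()]
            rec["component"] = m["component"]
            rec["version"] = m["version"]
            rec["reasons"].add(m["reason"])
            rec["failures"] += 1          # the same file is often reported several times
            continue
        m = REPROJECT.search(line)
        if m:
            rec = files[m["file"].lower()]
            directory = m["dir"]
            if directory.startswith("\\??\\"):   # drop the NT object-manager prefix
                directory = directory[4:]
            rec["paths"].add(directory + "\\" + m["file"])
            rec["store_corrupt"] |= STORE_CORRUPT in m["why"]
            continue
        # In the posted log this line appears even though files were not repaired,
        # so it is recorded but never used to clear a failure.
        claims_success |= "successfully repaired" in line
    return dict(files), claims_success


def needs_external_source(files):
    """Files whose store copy is corrupt too: sfc has no good local copy to restore."""
    return sorted(name for name, rec in files.items() if rec["store_corrupt"])


if __name__ == "__main__":
    summary, claimed = parse_sr_log(SAMPLE_LOG)
    for name in sorted(summary):
        rec = summary[name]
        print(name, rec["component"], rec["version"], rec["failures"],
              "store-corrupt" if rec["store_corrupt"] else "store-unknown")
    print("log claims success:", claimed)
```
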

#7
May 30, 2016 at 15:09:49
There is a program called "Tweaking.com" which Johnw (#4) has used with success and maybe he will comment on this if he drops by. I've never used it personally so I would prefer it not to be a new venture for me on someone else's computer.

Always pop back and let us know the outcome - thanks



#8
May 30, 2016 at 16:28:39
Hi xall.

"I do not know how to paste a log so you can read it"
You can't post the log as such. You Copy & Paste the contents.
Could you do so please.

Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif

message edited by Johnw



#9
June 2, 2016 at 12:00:10
Johnw: Here are 4 mbam-logs, from 10 May and 19 May:

<?xml version="1.0" encoding="UTF-16"?>


19 May:

Does it reveal the cause?

Regards



#10
June 2, 2016 at 14:12:27
"Johnw: Here are 4 mbam-logs, from 10 May and 19 May:"
Thanks xall, I did ask you to post the text file not XML.
http://imgur.com/pYQQLah

They are now too old to reveal your current situation. They do indicate there is work to be done in this area.

No need to run Malwarebytes again at this point.

"Does it reveal the cause?"
I will cover that aspect of things, when I get your problems fixed.

Remove AdwCleaner & Junkware Removal Tool (JRT) & download the latest versions.

Here are the next 2 steps; more steps will be needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#11
June 5, 2016 at 10:50:44
Sorry about the wrong format I posted.

AdwCleaner found one suspect (?) service:

# AdwCleaner v5.119 - Logfile created 04/06/2016 at 23:30:59
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : fm - TOSH
# Running from : C:\Users\fm\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\ProgramData\SpeedMaxPc
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\ProgramData\Application Data\ParetoLogic
Folder Found : C:\ProgramData\Application Data\SecTaskMan
Folder Found : C:\ProgramData\Application Data\SpeedMaxPc
Folder Found : C:\ProgramData\Application Data\Tarma Installer
Folder Found : C:\Users\Public\Documents\Downloaded Installers
Folder Found : C:\Program Files (x86)\DAP
Folder Found : C:\Program Files (x86)\DriverTuner
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Program Files (x86)\RayDld
Folder Found : C:\Program Files (x86)\SpeedMaxPc
Folder Found : C:\Program Files (x86)\WinThruster
Folder Found : C:\Program Files (x86)\203C8500-1448661963-81E2-3B5B-4C72B959AA10
Folder Found : C:\Program Files (x86)\mbot_se_014010159
Folder Found : C:\Program Files (x86)\mbot_se_014010159
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\Common Files\Simple Adblock
Folder Found : C:\Users\fm\AppData\Local\DriverTuner
Folder Found : C:\Users\fm\AppData\Local\jZip
Folder Found : C:\Users\fm\AppData\Local\slimware utilities inc
Folder Found : C:\Users\fm\AppData\Local\mbot_se_014010159
Folder Found : C:\Users\fm\AppData\Local\mbot_se_014010159
Folder Found : C:\Users\fm\AppData\Local\VirtualStore\Program Files\RegClean
Folder Found : C:\Users\fm\AppData\LocalLow\Simple Adblock
Folder Found : C:\Users\fm\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\fm\AppData\Roaming\DigitalSites
Folder Found : C:\Users\fm\AppData\Roaming\DriverCure
Folder Found : C:\Users\fm\AppData\Roaming\DSite
Folder Found : C:\Users\fm\AppData\Roaming\Easeware
Folder Found : C:\Users\fm\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\fm\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\fm\AppData\Roaming\Solvusoft
Folder Found : C:\Users\fm\AppData\Roaming\SpeedMaxPc
Folder Found : C:\Users\fm\AppData\Roaming\Systweak
Folder Found : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaks
Folder Found : C:\Users\fm\AppData\Local\VirtualStore\Program Files (x86)\DAP

***** [ Files ] *****

File Found : C:\windows\SysNative\roboot64.exe
File Found : C:\windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk ( hxxp://www.omniboxes.com/?type=sc&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes )
Shortcut Infected : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk ( hxxp://www.omniboxes.com/?type=sc&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes )
Shortcut Infected : C:\Users\fm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk ( hxxp://www.omniboxes.com/?type=sc&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes )
Shortcut Infected : C:\Users\fm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk ( hxxp://www.omniboxes.com/?type=sc&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes )

***** [ Scheduled tasks ] *****

Task Found : DSite
Task Found : dsmonitor
Task Found : WinThruster_DEFAULT
Task Found : WinThruster_UPDATES
Task Found : amiupdaterExd
Task Found : amiupdaterExi

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\ForeceRemove
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found : HKCU\Software\f6d88ab769be48
Key Found : HKLM\SOFTWARE\14540fbb-374f-122e-7114-9d82e8dfa90c
Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Appscion
Key Found : HKCU\Software\Brothersoft
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\ilividtoolbarguid
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Solvusoft
Key Found : HKCU\Software\SpeedBit
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\DesktopSearch
Key Found : HKLM\SOFTWARE\ihpmserver
Key Found : HKLM\SOFTWARE\iLividSRTB
Key Found : HKLM\SOFTWARE\omniboxesSoftware
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\RayDld
Key Found : HKLM\SOFTWARE\SimilarSites
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Solvusoft
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{069b290f-5398-4629-a009-85b4bcb4b1b9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omniboxes
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\APN PIP
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Appscion
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Brothersoft
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\DriverTuner
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\DriverTuner_Init
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\ilividtoolbarguid
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Mozilla\Extends
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\PIP
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\SlimWare Utilities Inc
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Softonic
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Solvusoft
Key Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\SpeedBit
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [URL]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
Value Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [URL]
Value Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
Value Found : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService

***** [ Web browsers ] *****

[C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Found : user_pref("browser.newtab.url", "hxxp://www.omniboxes.com/newtab/?type=nt&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes");
[C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Found : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0R1V1[...]
[C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Found : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0R1[...]
[C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Found : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0[...]

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [17023 bytes] - [04/06/2016 23:30:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17097 bytes] ##########

I wonder: It put 430 MB files in FileQuarantine, viz. Program Files (x86), Program Data,
Users, and Windows. Is that something to worry about?




#12
June 5, 2016 at 11:26:19
The JRT.txt is too big to be accepted. I therefore delete a great number of entries
saying "Successfully deleted nnnn (Empty Folder)"; if I have destroyed the evidence,
please say so. - Yet No Luck, it says the Request Entity is too large

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by fm (Administrator) on 05.06.16 at 18:58:49.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 789

Successfully deleted: C:\ProgramData\browser (Folder)

Successfully deleted: C:\Users\fm\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\windows\SysWOW64\RENC061.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho24F0.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho4EAC.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho558F.tmp (File)
Successfully repaired: C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TTillbehör\System Tools\Internet Explorer (No Add-ons).lnk (Shortcut)

Registry: 7

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.16 at 19:01:37.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




#13
June 5, 2016 at 17:11:28
"Yet No Luck, it says the Request Entity is too large"
Thanks for reporting, step by step we will fix the problems.

"I wonder: It put 430 MB files in FileQuarantine, viz. Program Files (x86), Program Data, Users, and Windows. Is that something to worry about?"
No.
Can I see the clean log please.
You can find the logfile at C:\AdwCleaner[C1 or later].txt

Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy (no account/registration needed) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw



#14
June 7, 2016 at 11:48:39
The AdwCleaner log is
# AdwCleaner v5.119 - Logfile created 04/06/2016 at 23:35:25
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : fm - TOSH
# Running from : C:\Users\fm\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\ProgramData\SpeedMaxPc
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[#] Folder Deleted : C:\ProgramData\Application Data\ParetoLogic
[#] Folder Deleted : C:\ProgramData\Application Data\SecTaskMan
[#] Folder Deleted : C:\ProgramData\Application Data\SpeedMaxPc
[#] Folder Deleted : C:\ProgramData\Application Data\Tarma Installer
[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Program Files (x86)\DAP
[-] Folder Deleted : C:\Program Files (x86)\DriverTuner
[-] Folder Deleted : C:\Program Files (x86)\jZip
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\SpeedMaxPc
[-] Folder Deleted : C:\Program Files (x86)\WinThruster
[-] Folder Deleted : C:\Program Files (x86)\203C8500-1448661963-81E2-3B5B-4C72B959AA10
[-] Folder Deleted : C:\Program Files (x86)\mbot_se_014010159
[#] Folder Deleted : C:\Program Files (x86)\mbot_se_014010159
[-] Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Simple Adblock
[-] Folder Deleted : C:\Users\fm\AppData\Local\DriverTuner
[-] Folder Deleted : C:\Users\fm\AppData\Local\jZip
[-] Folder Deleted : C:\Users\fm\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\fm\AppData\Local\mbot_se_014010159
[#] Folder Deleted : C:\Users\fm\AppData\Local\mbot_se_014010159
[-] Folder Deleted : C:\Users\fm\AppData\Local\VirtualStore\Program Files\RegClean
[-] Folder Deleted : C:\Users\fm\AppData\LocalLow\Simple Adblock
[-] Folder Deleted : C:\Users\fm\AppData\LocalLow\Toolbar4
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\DigitalSites
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\DSite
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\Easeware
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\PerformerSoft
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\SpeedMaxPc
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaks
[-] Folder Deleted : C:\Users\fm\AppData\Local\VirtualStore\Program Files (x86)\DAP

***** [ Files ] *****

[-] File Deleted : C:\windows\SysNative\roboot64.exe
[-] File Deleted : C:\windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[-] Shortcut Disinfected : C:\Users\fm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Shortcut Disinfected : C:\Users\fm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
[-] Shortcut Disinfected : C:\Users\fm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : DSite
[-] Task Deleted : dsmonitor
[-] Task Deleted : WinThruster_DEFAULT
[-] Task Deleted : WinThruster_UPDATES
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ForeceRemove
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKCU\Software\f6d88ab769be48
[-] Key Deleted : HKLM\SOFTWARE\14540fbb-374f-122e-7114-9d82e8dfa90c
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
[-] Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Appscion
[-] Key Deleted : HKCU\Software\Brothersoft
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\ilividtoolbarguid
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKCU\Software\PIP
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Solvusoft
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\DesktopSearch
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\iLividSRTB
[-] Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\SimilarSites
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Solvusoft
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{069b290f-5398-4629-a009-85b4bcb4b1b9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omniboxes
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [URL]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Value Deleted : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [URL]
[#] Value Deleted : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[#] Value Deleted : HKU\S-1-5-21-1378777288-3166350604-145604183-1000\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService

***** [ Web browsers ] *****

[-] [C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.omniboxes.com/newtab/?type=nt&ts=1448661873&z=38e639dcb92a826085e06c4g8zez6b4qbq2gbb1m5c&from=amt&uid=toshibaxmq01abd050_62qes8aesxx62qes8aes");
[-] [C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0R1V1[...]
[-] [C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0R1[...]
[-] [C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js] Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_aw_15_03_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0D0CzytBtAyDtA0E0BzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1Czu0C0I0S0V0E0[...]

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16314 bytes] - [04/06/2016 23:35:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [17205 bytes] - [04/06/2016 23:30:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16462 bytes] ##########

Incidentally, I ran AdwCleaner on 18 Apr which gave the following (nicer?) log:


# AdwCleaner v2.007 - Logfile created 04/18/2016 at 23:54:18
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : fm - TOSH
# Boot Mode : Normal
# Running from : C:\Program Files (x86)\Antivirus\AdwCleaner\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\fm\AppData\LocalLow\Toolbar4

***** [Internet Browsers] *****

-\\ Internet Explorer v9.11.9600.17843

[OK] Registry is clean.

-\\ Mozilla Firefox v40.0.3 (x86 en-US)

Profile name : default-1417549941452 [Profil par défaut]
File : C:\Users\fm\AppData\Roaming\Mozilla\Firefox\Profiles\crnohhtd.default-1417549941452\prefs.js

[OK] File is clean.

-\\ Opera v12.17.1863.0

File : C:\Users\fm\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [5135 octets] - [03/12/2014 00:40:54]
AdwCleaner[R4].txt - [4735 octets] - [18/04/2016 23:54:18]

########## EOF - C:\AdwCleaner[R4].txt - [4795 octets] ##########



#15
June 7, 2016 at 11:59:59
As to the Next Step: I downloaded and ran Farbar Recovery Scan Tool and have the logs, but the
business with Zippyshare honestly is beyond me. I thoroughly appreciate the time and effort you have
given this matter, but now the procedures become too hot for me to handle. Please accept my gratitude.


#16
June 7, 2016 at 17:23:31
"but the business with Zippyshare honestly is beyond me"
You can upload the logs anywhere you like & then give me the links.

Or, you can use this tool.

Image Uploader
http://www.softpedia.com/get/Intern...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/Wg3nZ4G.gif
http://i.imgur.com/txFkgpT.gif



#17
June 9, 2016 at 13:45:13
Thank you again, Johnw, but this is becoming too involved for me. I abstain, and I shall live with
the problem. Bear with an old man.
