Youtube popup havoc

Let's try uninstalling them in Safemode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly;
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
 
Niet to safemode...

More bad news. In safe mode, on three of the programs written solely in Russian, this is the response to clicking uninstall: Windows Installer- The Windows Installer Service could not be accessed. This can occur if the windows installer is not correctly installed. Contact your support personnel for assistance.

The other program that says it is Windows Essential 2012, in English, but when I click on it to uninstall, a screen written in Russian pops up. There are several boxes to check, some are in English. I checked them all ( Messenger, cemenhar, 6e3onacHocTb, Writer, Photo Gallery and Movie Maker, no4Ta, Windows Live ID Sign-in Assistant). After that it was a stab in the dark. Every choice and message was in Russian. After picking a variety of all of them, trying to guess, I got a bar of some sort to start uninstalling, and when it got a quarter the way along, it just stopped and everything went back to the uninstall program list. Thus messenger in Russian is still on the task bar and the programs happily nested within. Suzy
 
New revelation

Just to add to the drama. I also just realized that these downloads that are ALL in Russian didn't come from the PerForMax ad from Youtube. My 15 year old daughter, on 9-19 @ ~ 2200, just admitted to trying to download Movie Maker from a Google search. She didn't realize that wasn't a good thing to do. So Movie Maker and Photo Gallery along with the rest are Russian too. Suzy
 
Let's try a different program and see if it picks these up


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC1.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Spybot...

I can't disable Spybot. I followed the link to how to disable Spybot Teatimer, but the icons are not the same as the ones described in the instructions: SPYBOT TEATIMER

Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done and reboot your computer.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)
 
Just go ahead and run Combofix without disabling the tea timer. If CF won't run on account of it, go ahead and uninstall Spybot via Programs and Features, then run CF. We can always reinstall Spybot when we're done.
 
It ran...

I ran the Combofix with the warning that running it with spybot was at my own risk.

ComboFix 14-09-24.01 - Computer 09/25/2014 22:20:18.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8155.5852 [GMT -4:00]
Running from: c:\users\Computer\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Computer\Documents\~WRL0002.tmp
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-08-26 to 2014-09-26 )))))))))))))))))))))))))))))))
.
.
2014-09-26 02:24 . 2014-09-26 02:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-26 02:24 . 2014-09-26 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-25 23:02 . 2014-09-25 23:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB036C58-997F-4F43-9311-2D6766ABC13D}\offreg.dll
2014-09-25 21:59 . 2014-09-25 21:59 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-09-24 20:22 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB036C58-997F-4F43-9311-2D6766ABC13D}\mpengine.dll
2014-09-23 22:05 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 22:05 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-23 17:57 . 2014-09-26 02:13 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-23 17:57 . 2014-09-23 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-23 17:57 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-23 17:57 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-23 17:57 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-23 17:51 . 2014-09-23 17:51 -------- d-----w- c:\windows\ERUNT
2014-09-23 15:51 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-23 15:50 . 2014-09-23 15:52 -------- d-----w- C:\AdwCleaner
2014-09-23 02:03 . 2014-09-25 18:20 -------- d-----w- C:\FRST
2014-09-23 01:56 . 2014-09-23 01:56 -------- d-----w- C:\RegBackup
2014-09-23 01:54 . 2014-09-23 01:55 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-09-20 05:08 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-09-20 05:08 . 2014-09-20 06:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-20 05:08 . 2014-09-20 05:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-09-20 05:06 . 2014-09-20 05:06 -------- d-----w- c:\users\Computer\AppData\Roaming\Lavasoft
2014-09-20 04:49 . 2014-09-20 04:49 -------- d-----w- c:\program files\Lavasoft
2014-09-20 04:47 . 2014-09-22 17:02 -------- d-----w- c:\program files (x86)\Lavasoft
2014-09-20 04:46 . 2014-09-20 04:46 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-09-20 04:45 . 2014-09-20 04:45 -------- d-----w- c:\programdata\Lavasoft
2014-09-20 02:48 . 2014-09-25 22:00 -------- d-----w- c:\users\Computer\Tracing
2014-09-20 02:46 . 2014-09-20 02:46 -------- d-----w- c:\windows\ru
2014-09-20 02:46 . 2014-09-20 02:46 -------- d-----w- c:\windows\en
2014-09-20 02:45 . 2014-09-20 02:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-09-20 02:44 . 2014-09-20 02:44 -------- dc----w- c:\windows\system32\DRVSTORE
2014-09-20 02:44 . 2014-04-01 01:06 58056 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-09-20 02:44 . 2014-09-20 02:44 -------- d-----w- c:\program files\Windows Live
2014-09-20 02:44 . 2014-09-20 02:45 -------- d-----w- c:\program files (x86)\Windows Live
2014-09-20 02:40 . 2014-09-20 02:40 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2014-09-20 02:39 . 2014-09-20 02:39 -------- d-----r- c:\users\Computer\OneDrive
2014-09-20 02:39 . 2014-09-20 02:39 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-09-20 02:32 . 2014-09-25 22:19 -------- d-----w- c:\users\Computer\AppData\Local\Windows Live
2014-09-20 02:31 . 2014-09-20 02:31 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-09-20 02:31 . 2014-09-20 02:31 -------- d-----w- c:\users\Computer\AppData\Local\IsolatedStorage
2014-09-19 21:26 . 2014-09-19 21:26 -------- d-----w- c:\program files\Microsoft Silverlight
2014-09-19 21:26 . 2014-09-19 21:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-09-12 05:16 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 05:16 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-12 01:51 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 01:51 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-12 01:51 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-12 01:51 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-12 01:50 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-12 01:50 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-12 01:50 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-12 01:50 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-12 01:50 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-12 01:50 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-12 01:50 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-02 02:58 . 2007-03-05 16:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2014-09-02 02:56 . 2014-09-02 02:58 -------- d--h--w- c:\windows\msdownld.tmp
2014-09-01 05:04 . 2014-09-01 05:04 -------- d-----w- c:\program files (x86)\Electronic Arts
2014-08-27 17:23 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-27 17:23 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-27 17:23 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 21:59 . 2013-04-09 23:07 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-09-20 02:44 . 2012-07-17 18:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-15 13:06 . 2013-04-09 21:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-12 05:17 . 2013-04-11 10:21 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-10 16:34 . 2013-04-16 20:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:34 . 2013-04-16 20:14 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-16 00:09 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-16 00:09 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-10 18:09 . 2014-07-10 18:09 389240 ----a-w- c:\windows\system32\drivers\Trufos.sys
2014-07-09 02:03 . 2014-08-16 00:10 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-16 00:10 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-16 00:10 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-16 00:10 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-16 00:10 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-16 00:10 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-16 00:10 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-16 06:07 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-16 06:07 8856 ----a-w- c:\windows\SysWow64\icardres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-20 02:39 223432 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-20 02:39 223432 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-20 02:39 223432 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-05-26 2688920]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 01:51 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-16 16:34]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 02:30]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 02:30]
.
2014-09-26 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2014-07-01 04:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-05-23 06:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-05-23 06:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-05-23 06:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-20 02:39 262344 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-20 02:39 262344 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-20 02:39 262344 ----a-w- c:\users\Computer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [2014-08-27 8886592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pinterest.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\u00u3bmn.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.biblegateway.com/versions/King-James-Version-KJV-Bible/#books
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Tweaking.com - Registry Backup - c:\users\Computer\Desktop\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-25 22:25:42
ComboFix-quarantined-files.txt 2014-09-26 02:25
.
Pre-Run: 398,988,914,688 bytes free
Post-Run: 398,816,231,424 bytes free
.
- - End Of File - - 0E5C4BA33CB93339D4DE2DBA370E4AB7
 
Combofix didn't find or remove it

Open up FRST and copy and paste this into the box

WinLiveSuite

Then click on Search Files and post the report

Then do it again and this time Search Registry
 
Onward...

Ken, Thanks for your patience. What is the infection considered to be called? Also, I won't be back until sometime this evening. Suzy

Here is the FRST using search files:

Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Computer at 2014-09-26 07:48:49
Running from C:\Users\Computer\Desktop
Boot Mode: Normal

================== Search Files: "WinLiveSuite" =============

====== End Of Search ======

Now using Search Registry:

Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Computer at 2014-09-26 07:52:50
Running from C:\Users\Computer\Desktop
Boot Mode: Normal

================== Search Registry: "WinLiveSuite" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1774ADF8E21F22755857AB9014AC2B52]
"D9185B6607EDEB244BF079F8AB2154E2"="02:\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite\WLWave"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1774ADF8E21F22755857AB9014AC2B52]
"E54E771D3AB21C245807CC2A12B759C8"="02:\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite\WLWave"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\391A76DCA708AF240A16D50D7BF95562]
"D9185B6607EDEB244BF079F8AB2154E2"="02:\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite\URLInfoAbout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\391A76DCA708AF240A16D50D7BF95562]
"E54E771D3AB21C245807CC2A12B759C8"="02:\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite\URLInfoAbout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]

====== End Of Search ======
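A quick way to reproduce what FRST's "Search Registry" did above, added here as an example and not code from the thread or from FRST: this PowerShell script walks the Run/RunOnce, Uninstall and Installer\UserData keys for the machine hives and every loaded user hive, and reports any key, value name or value data that contains the search term. It assumes an elevated PowerShell session on the affected machine; the search term "WinLiveSuite" is the one used in the thread, and the function name Find-RegistryString is my own.

```powershell
# Added example: search the usual autostart and installer registry locations for a string.
# Assumption: run from an elevated PowerShell prompt on the machine being examined.
param(
    [string]$Pattern = 'WinLiveSuite'   # the term searched for in the thread
)

# HKU: is not mapped by default, so map it to reach the per-user hives.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Machine-wide locations a persistence check normally starts with:
# Run/RunOnce (64-bit and Wow6432Node views), both Uninstall lists and the
# Windows Installer per-product component data that FRST matched above.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData'
)

# Per-user hives: every loaded S-1-5-21-... SID (covers both user accounts seen in the fixlist).
$userRoots = @(Get-ChildItem HKU:\ -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' } |
    ForEach-Object {
        "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
        "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Uninstall"
    })
$roots += $userRoots

function Find-RegistryString {
    param([string[]]$Paths, [string]$Needle)
    foreach ($path in $Paths) {
        if ([string]::IsNullOrEmpty($path) -or -not (Test-Path $path)) { continue }
        # Walk the key itself plus every subkey (Uninstall and Installer\UserData are deep).
        $keys = @(Get-Item $path -ErrorAction SilentlyContinue) +
                @(Get-ChildItem $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if (-not $key) { continue }
            $keyHit = $key.Name -like "*$Needle*"
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($keyHit -or $valueName -like "*$Needle*" -or $data -like "*$Needle*") {
                    $shownName = if ($valueName) { $valueName } else { '(Default)' }
                    [pscustomobject]@{ Key = $key.Name; Value = $shownName; Data = $data }
                }
            }
            # A matching key that holds no values at all (like the empty
            # Uninstall\WinLiveSuite key in the FRST output) is still worth reporting.
            if ($keyHit -and $key.ValueCount -eq 0) {
                [pscustomobject]@{ Key = $key.Name; Value = ''; Data = '(key has no values)' }
            }
        }
    }
}

Find-RegistryString -Paths $roots -Needle $Pattern | Format-Table -AutoSize -Wrap
```

Run it as `.\Search-Registry.ps1 -Pattern WinLiveSuite` (any file name will do). Each row gives the full key path, the value name and its data, so an entry under a Run key stands out immediately from a leftover Installer component record; the helper's observation that there was no Run key for this item is exactly what an empty Run/RunOnce result from this script would confirm.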
 
This is new to me, I have not seen it before; this garbage is never ending.

You may have gotten it when you installed PerforMax Cleaner but I don't see it in your list of installed programs

PerforMax Cleaner has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.


The logs from the FRST search are not helpful; I was hoping to find a registry run key that starts this thing up and remove it, but there was none.

But I found this in your original log, so let's give it a shot


First, you have Tweaking.com Registry Backup; do another backup of your registry

Then create a new System Restore Point
http://windows.microsoft.com/en-us/windows7/create-a-restore-point

The instructions for creating a new Restore Point are pretty clear right under the video


Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64, either in the directory you saved FRST or FRST64 to, or on your desktop if that's where you saved it.)
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

Code:
Start
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
C:\Program Files (x86)\Windows Live\Messenger
2014-09-19 22:46 - 2014-09-19 22:46 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-19 22:44 - 2014-09-19 22:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-19 22:44 - 2014-09-19 22:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-19 22:44 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-19 22:32 - 2014-09-22 21:26 - 00000000 ____D () C:\Users\Computer\AppData\Local\Windows Live
2014-09-19 22:29 - 2014-09-19 22:29 - 00634992 _____ (© 2014 ClientConnect Ltd.) C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe
2014-09-19 22:29 - 2014-09-19 22:29 - 00000000 ____D () C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX
2014-09-19 22:46 - 2014-09-19 22:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-19 22:45 - 2014-09-19 22:45 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-19 22:45 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-19 22:44 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-19 22:29 - 2014-09-19 22:29 - 00634992 _____ (© 2014 ClientConnect Ltd.) C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe
2014-09-19 22:29 - 2014-09-19 22:29 - 00000000 ____D () C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {262e6610-a165-11e2-a6b9-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {3386465a-a169-11e2-bdde-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {62200ff3-090b-11e4-bab4-f84e697c68e4} - E:\MI.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {262e6610-a165-11e2-a6b9-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {3386465a-a169-11e2-bdde-806e6f6e6963} - D:\shellexe.exe Start.htm
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {62200ff3-090b-11e4-bab4-f84e697c68e4} - E:\MI.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on Fix.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
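The fixlist above removes two kinds of per-user autostart entries: a value under HKU\<SID>\...\Run (what launches msnmsgr.exe at logon) and the autorun commands Explorer remembers for volumes under MountPoints2 (the "{GUID} - D:\Autorun.exe" lines). As an added example, not code from the thread or from FRST, here is a read-only PowerShell listing of both locations for every loaded user hive, so they can be reviewed before a fix is run. It assumes Windows PowerShell 3.0 or later and an elevated prompt so all hives under HKEY_USERS are readable; the helper names are my own.

```powershell
# Added example (not from the thread or FRST): enumerate the per-user Run key and
# the MountPoints2 autorun commands for every loaded user hive. Read-only.
# Assumes Windows PowerShell 3.0+ and an elevated session.

function Get-CommandTarget {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
        return $cl.Trim('"')
    }
    # Unquoted: keep everything up to and including the first executable-looking token
    $m = [regex]::Match($cl, '^(.+?\.(exe|cmd|bat|dll|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cl
}

function Get-UserAutostartEntries {
    $psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    # Real user SIDs only (S-1-5-21-...); skips the _Classes hives and service SIDs
    $hives = Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName

        # 1) HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Run: per-user logon autostart
        $runKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path $runKey) {
            $props = Get-ItemProperty -Path $runKey
            foreach ($p in $props.PSObject.Properties) {
                if ($psNoise -contains $p.Name) { continue }
                $target = Get-CommandTarget ([string]$p.Value)
                [pscustomobject]@{
                    Sid     = $sid
                    Source  = 'Run'
                    Name    = $p.Name
                    Command = [string]$p.Value
                    Target  = $target
                    Exists  = $(if ($target) { Test-Path -LiteralPath $target } else { $false })
                }
            }
        }

        # 2) HKU\<SID>\...\Explorer\MountPoints2\<GUID>\shell\AutoRun\command: the autorun
        #    command Explorer recorded for a volume (FRST shows it as "{GUID} - D:\Autorun.exe")
        $mpKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (Test-Path $mpKey) {
            foreach ($vol in Get-ChildItem -Path $mpKey) {
                $cmdKey = Join-Path $vol.PSPath 'shell\AutoRun\command'
                if (-not (Test-Path $cmdKey)) { continue }
                $cmd    = [string](Get-ItemProperty -Path $cmdKey).'(default)'
                $target = Get-CommandTarget $cmd
                [pscustomobject]@{
                    Sid     = $sid
                    Source  = 'MountPoints2'
                    Name    = $vol.PSChildName
                    Command = $cmd
                    Target  = $target
                    Exists  = $(if ($target) { Test-Path -LiteralPath $target } else { $false })
                }
            }
        }
    }
}

# Entries whose target no longer exists (a Run value left behind after its folder was
# moved) or that point at a removable drive letter are the ones to look at first.
Get-UserAutostartEntries |
    Sort-Object Sid, Source, Name |
    Format-Table Sid, Source, Name, Target, Exists -AutoSize
```

The listing is the "before" picture a helper wants next to a fixlist: every line in the fixlist should correspond to a row here, and after the fix the same command should show the rows gone.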
New info - it may have worked...

Here is the information requested. I'm getting much faster at this. Suzy

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Computer at 2014-09-26 22:59:06 Run:3
Running from C:\Users\Computer\Desktop
Loaded Profiles: Computer & UpdatusUser (Available profiles: Computer & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
C:\Program Files (x86)\Windows Live\Messenger
2014-09-19 22:46 - 2014-09-19 22:46 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-19 22:44 - 2014-09-19 22:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-19 22:44 - 2014-09-19 22:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-19 22:44 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-19 22:32 - 2014-09-22 21:26 - 00000000 ____D () C:\Users\Computer\AppData\Local\Windows Live
2014-09-19 22:29 - 2014-09-19 22:29 - 00634992 _____ (© 2014 ClientConnect Ltd.) C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe
2014-09-19 22:29 - 2014-09-19 22:29 - 00000000 ____D () C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX
2014-09-19 22:46 - 2014-09-19 22:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-19 22:45 - 2014-09-19 22:45 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-19 22:45 - 2014-09-19 22:45 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-19 22:45 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-19 22:44 - 2014-09-19 22:44 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-19 22:29 - 2014-09-19 22:29 - 00634992 _____ (© 2014 ClientConnect Ltd.) C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe
2014-09-19 22:29 - 2014-09-19 22:29 - 00000000 ____D () C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {262e6610-a165-11e2-a6b9-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {3386465a-a169-11e2-bdde-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\...\MountPoints2: {62200ff3-090b-11e4-bab4-f84e697c68e4} - E:\MI.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {262e6610-a165-11e2-a6b9-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {3386465a-a169-11e2-bdde-806e6f6e6963} - D:\shellexe.exe Start.htm
HKU\S-1-5-21-3631100180-372296517-2715455636-1001\...\MountPoints2: {62200ff3-090b-11e4-bab4-f84e697c68e4} - E:\MI.exe
End
*****************

HKU\S-1-5-21-3631100180-372296517-2715455636-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => Value not found.
C:\Program Files (x86)\Windows Live\Messenger => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live => Moved successfully.
C:\Program Files (x86)\Windows Live => Moved successfully.
C:\Program Files\Windows Live => Moved successfully.
C:\Users\Computer\AppData\Local\Windows Live => Moved successfully.
"C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe" => File/Directory not found.
C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk" => File/Directory not found.
"C:\Program Files (x86)\Windows Live" => File/Directory not found.
"C:\Program Files\Windows Live" => File/Directory not found.
"C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe" => File/Directory not found.
"C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX" => File/Directory not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262e6610-a165-11e2-a6b9-806e6f6e6963}" => Key not found.
"HKCR\CLSID\{262e6610-a165-11e2-a6b9-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62200ff3-090b-11e4-bab4-f84e697c68e4}" => Key not found.
"HKCR\CLSID\{62200ff3-090b-11e4-bab4-f84e697c68e4}" => Key not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262e6610-a165-11e2-a6b9-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{262e6610-a165-11e2-a6b9-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62200ff3-090b-11e4-bab4-f84e697c68e4}" => Key deleted successfully.
"HKCR\CLSID\{62200ff3-090b-11e4-bab4-f84e697c68e4}" => Key not found.

==== End of Fixlog ====
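Every result line in a Fixlog reads "<item> => <outcome>". Because the fixlist above listed several items twice, the second pass reports "File/Directory not found" or "Key not found" for things the first pass had already moved or deleted, which is why the log looks half-failed when it is not. As an added example, not part of the thread or of FRST, here is a PowerShell parser that separates those duplicates from items that were genuinely absent (such as the msnmsgr Run value, which FRST never found). The sample lines are copied from the Fixlog posted above; the function name and status labels are my own.

```powershell
# Added example (not from the thread or FRST): summarise an FRST Fixlog and tell
# duplicate fixlist entries apart from items that were really not present.
# Sample lines below are copied from the Fixlog posted in this thread.

$sampleFixlog = @'
HKU\S-1-5-21-3631100180-372296517-2715455636-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => Value not found.
C:\Program Files (x86)\Windows Live\Messenger => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live => Moved successfully.
C:\Program Files (x86)\Windows Live => Moved successfully.
"C:\Users\Computer\Downloads\Windows_Movie_Maker_TSV3CYINX.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live" => File/Directory not found.
"C:\Program Files (x86)\Windows Live" => File/Directory not found.
"HKU\S-1-5-21-3631100180-372296517-2715455636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{3386465a-a169-11e2-bdde-806e6f6e6963}" => Key not found.
'@

function ConvertFrom-Fixlog {
    param([Parameter(Mandatory)][string]$Text)
    $seen = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -notmatch '^(?<item>.+?) => (?<outcome>.+?)\.?\s*$') { continue }
        # FRST quotes items it could not find; strip the quotes so the same path matches
        # its earlier, unquoted occurrence. Paths and registry keys are case-insensitive.
        $item      = $Matches['item'].Trim('"')
        $outcome   = $Matches['outcome']
        $key       = $item.ToLowerInvariant()
        $duplicate = $seen.ContainsKey($key)
        $seen[$key] = $true

        $status = switch -Regex ($outcome) {
            'successfully' { 'Removed' }
            'not found' {
                if ($duplicate) { 'Duplicate fixlist entry (already removed above)' }
                else            { 'Not present (verify manually)' }
            }
            default        { 'Other' }
        }
        [pscustomobject]@{ Item = $item; Outcome = $outcome; Status = $status }
    }
}

$entries = ConvertFrom-Fixlog -Text $sampleFixlog
$entries | Format-Table Status, Item -AutoSize
# Counts per status: how many items were actually removed versus merely re-listed
$entries | Group-Object Status | Select-Object Name, Count
```

On the sample, the Windows Live folders come out as Removed on first mention and as duplicates on the second, while the Downloads .exe and the msnmsgr value are flagged for a manual check, which matches what the helper had already concluded from the search log.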
 
Yes and no...

Are those programs in Russian still there?

The one that said Windows Essentials 2012 appears to be gone. But the other three that are written in Russian are still at the bottom of the uninstall list. I was able to click on the first one. I was asked, "Do you wish to uninstall?" I said yes. "Please wait". Then I got a message, "Do you wish Windows Essential to make changes to your hard drive?" I stopped at that point and said cancel. Suzy
 
Gone? Really Gone?

Go ahead and let Windows Essential make the change; just uninstall anything you can.

They appear to be gone. Wonderful! You have been so long-suffering with this! There is one small remnant. On my task bar there is a Messenger Window icon that loads with my computer.

Is it safe again to log into sites without being tracked?

Suzy
 
There is one small remnant. On my task bar there is a Messenger Window icon that loads with my computer.

The icon when clicked says that it can't start because the UXcore.dll is missing from your computer. Also, I won't be back until late tonight. Have to go to work so I can make a donation to this wonderful site.

Suzy
 
Suzy, UXcore is part of the programs we just removed, let's do this:

Click the Start button.
In the Search box, type command prompt.
In the list of results, right-click Command Prompt, and then click Run as administrator.

Then copy and paste this in

SFC /scannow

Windows may find and fix that file.
 
none...

Click the Start button.
In the Search box, type command prompt.
In the list of results, right-click Command Prompt, and then click Run as administrator.

Ken, there are no results - nothing listed when I search for command prompt in the box. Although when I select 'see more results', I get a list that says 'Libraries', 'Homegroup', 'computer', 'custom', 'internet'. Selecting 'computer', there are only two choices:

C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
and
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

Selecting 'libraries', I get one of my docx files.

Nothing for the other two.

Thank you again,

Suzy
 
When you click on the Start button you should see the Command Prompt; if not, go to the Accessories folder and the Command Prompt will be in there. Be sure to right-click on it and select RUN AS ADMINISTRATOR or the tool won't work. Type in or copy and paste SFC /SCANNOW (the space between the C and / is needed). This will start System File Checker and it may fix or replace that missing file.
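The two posts above (the SFC /scannow instructions and the reminder to run it as administrator) describe a step that fails quietly when the prompt is not elevated, which is exactly where this thread gets stuck. As an added example, not code from the thread, here is a PowerShell script that checks elevation first, relaunches itself through the UAC prompt if needed, then runs System File Checker and shows the [SR] lines from CBS.log that record what it found. It assumes Windows 7 or later with sfc.exe in System32 and that the script is saved as a .ps1 file; the function names are my own.

```powershell
# Added example (not from the thread): run SFC /scannow from an elevated session,
# relaunching via UAC when the current session is not elevated.
# Assumes Windows 7+ and that this text is saved as a .ps1 file before running.

function Test-IsElevated {
    # True when the current token carries the built-in Administrators role (elevated)
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-SystemFileCheck {
    if (-not (Test-IsElevated)) {
        if (-not $PSCommandPath) {
            Write-Warning 'Not elevated. Save this as a .ps1 file, or open PowerShell with Run as administrator, then run it again.'
            return
        }
        Write-Warning 'Not elevated. Requesting elevation (UAC prompt)...'
        # -Verb RunAs is the scripted equivalent of right-click, Run as administrator
        Start-Process -FilePath 'powershell.exe' -Verb RunAs `
            -ArgumentList '-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', $PSCommandPath
        return
    }

    # sfc /scannow verifies protected system files and repairs what it can; the space
    # between "sfc" and "/scannow" matters, as the post above notes.
    $sfc  = Join-Path $env:SystemRoot 'System32\sfc.exe'
    $proc = Start-Process -FilePath $sfc -ArgumentList '/scannow' -Wait -PassThru -NoNewWindow
    Write-Host ("sfc.exe finished with exit code {0}" -f $proc.ExitCode)

    # SFC writes its detailed findings to CBS.log, tagged [SR]; show the most recent ones
    $cbs = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
    if (Test-Path -LiteralPath $cbs) {
        Select-String -Path $cbs -Pattern '\[SR\]' |
            Select-Object -Last 40 -ExpandProperty Line
    }
}

Invoke-SystemFileCheck
```

If the right-click menu never offers "Run as administrator", the same result is reached by saving this as a file and running it once; the elevation check turns the silent failure into a UAC prompt.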
 
Can't run as admin...

right-click on it and select RUN AS ADMINISTRATOR or the tool won't work

I found it, but anywhere that I right-click on it, it never says to run as admin in the options given. Also when downloading something, when I right-clicked I was never given the option to run as admin. There is just 'mark', 'paste', 'select all', 'scroll', 'find' when right-clicked.

Suzy
 