Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Been stupid and installed some dodgy software

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Been stupid and installed some dodgy software

Unread postby diggerdi » January 22nd, 2013, 4:12 pm

Hi, this site has helped me twice in the past with malware, for which I was extremely grateful (and still am!).

However, I have done something really stupid and wonder if you can help me to get rid of a program I have purchased online and downloaded and since found it is a con. Apparently it is difficult to get rid of as, if you use the uninstaller, it leaves lots of bits on your computer. As a bit of background info, I have recently upgraded to BT Infinity 2 fibreoptic broadband but not getting the speed I should. A BT engineer came out and he got a full 80mb at the router and also on his laptop, which means it is my laptop which is at fault (only getting about 36mb).I though I would give my computer a clean up so I searched and found a site called SpeedyPC Pro, which says it will find unused program bits, clean the registry etc and speed it up. I downloaded it at a cost of £19 + VAT and ran it. Obviously, I haven't noticed any difference in the running of my laptop. The main worry is that it is on an automatic annual renewal and I cannot get an answer from the company I paid through (Safecart.com) via Paypal.

I will sort this out through Paypal, but I have now done some research (bit late, I know) and it is apparently virtually impossible to uninstall this program. This is why I am posting here, in the hope that you can help me delete all trace of this program from my computer.

Sorry I have been so stupid and don't really deserve your help :oops:

Here are the logs:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33
Run by Diane at 20:00:56 on 2013-01-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.1771 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\igfxext.exe
C:\Users\Diane\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.8.3.8\bh\BabylonToolbar.dll
BHO: {301E869B-7137-7011-1332-E0F535FB2FD7} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.1.10\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.1.10\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.8.3.8\BabylonToolbarTlbr.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4D04D00B-A1D2-47F2-A114-A5D7A6BEDE69} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\diane\appdata\roaming\mozilla\firefox\profiles\sbrbqxy3.default-1355778387812\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.0.1\npsitesafety.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-12-14 19:56; mcciwbch@motive.com; c:\program files\mozilla firefox\extensions\mcciwbch@motive.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 31576]
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\gridvista\DPMemGridVista.sys [2009-7-15 10504]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-4 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-4 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-4 59952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-7-25 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-7-14 723488]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-14 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-27 369152]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-1-8 945480]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-12-26 245760]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-26 72832]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-7-15 49664]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2012-8-27 22528]
S2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe --> c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-30 947528]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-7 83168]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-7 181344]
S3 utblfilt;utblfilt;c:\windows\system32\drivers\UTBLFILT.sys [2012-8-27 12084]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-20 20:30:21 -------- d-----w- c:\programdata\The Mirror Mysteries
2013-01-20 20:26:31 -------- d-----w- c:\program files\The Mirror Mysteries
2013-01-20 19:25:24 -------- d-----w- c:\users\diane\appdata\roaming\PopCapv1000
2013-01-20 19:24:56 -------- d-----w- c:\programdata\PopCap Games
2013-01-20 19:24:56 -------- d-----w- c:\program files\PopCap Games
2013-01-19 15:48:08 -------- d-----w- c:\users\diane\appdata\roaming\DriverCure
2013-01-19 15:48:07 -------- d-----w- c:\users\diane\appdata\roaming\SpeedyPC Software
2013-01-19 15:47:55 -------- d-----w- c:\program files\common files\SpeedyPC Software
2013-01-19 15:47:52 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-19 15:47:52 -------- d-----w- c:\program files\SpeedyPC Software
2013-01-12 16:46:21 -------- d-----w- c:\users\diane\appdata\roaming\EleFun Games
2013-01-09 20:03:09 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 20:02:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:02:48 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 15:20:26 -------- d-----w- c:\program files\MSECache
2013-01-06 12:37:32 -------- d-----w- c:\users\diane\appdata\roaming\Enki Games
2012-12-28 17:02:16 -------- d-----w- c:\users\diane\appdata\local\Nero
2012-12-26 19:21:15 -------- d-----r- c:\users\diane\appdata\roaming\Brother
2012-12-26 16:06:10 -------- d-----w- c:\users\diane\appdata\roaming\ControlCenter4
2012-12-26 15:43:58 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-12-26 15:43:58 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-12-26 15:43:58 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-12-26 15:43:58 217088 ------w- c:\windows\system32\NSSearch.dll
2012-12-26 15:43:58 -------- d-----w- c:\program files\Brother
2012-12-26 15:43:53 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-12-26 15:40:12 -------- d-----w- c:\programdata\zeon
2012-12-26 15:39:19 -------- d-----w- c:\users\diane\appdata\roaming\Nuance
2012-12-26 15:38:22 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-12-26 15:38:19 -------- d-----w- c:\programdata\Nuance
2012-12-26 15:38:19 -------- d-----w- c:\program files\Nuance
2012-12-26 15:35:18 -------- d-----w- c:\programdata\Brother
.
==================== Find3M ====================
.
2013-01-18 19:40:50 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-18 19:40:50 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 18:24:56 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 11:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:02:09.17 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/07/2009 21:17:37
System Uptime: 22/01/2013 19:48:15 (1 hours ago)
.
Motherboard: Acer | | Aspire 5332
Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz | uPGA-478 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 69.57 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer ePower Management
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AGEIA PhysX v2.6.0
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2013
AVG Security Toolbar
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Babylon toolbar
BabylonObjectInstaller
Big Fish Games: Game Manager
Botanica: Into the Unknown Collector's Edition
Brother MFL-Pro Suite MFC-J6510DW
BT Broadband Support Tools
BT Desktop Help
BTHomeHub
Bullzip PDF Printer 7.1.0.1218
C64 Forever
calibre
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5100 series MP Drivers
Canon MG5100 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CCleaner
CCS64 V3.8
Compatibility Pack for the 2007 Office system
D3DX10
docrafts Digital Designer™
Escape Whisper Valley
eSobi v2
Family Tree Maker 2012
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GPL Ghostscript Lite 8.70
greenstreet Picture Browser
GridVista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
ImagXpress
inSSIDer 2.0
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 33
Junk Mail filter update
Launch Manager
Lizardtech DjVu Control
MCS Artwork
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 97, Professional Edition
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 6-9 Converter
Microsoft WSE 3.0
Microsoft WSE 3.0 Runtime
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MyWinLocker
Napster
Napster Burn Engine
neroxml
NISIS USB Tablet Driver
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Nuance PaperPort 12
Nuance PDF Viewer Plus
OGA Notifier 2.0.0048.0
Orion
Paint Shop Pro 7 Anniversary Edition
PaperPort Image Printer
PhotoArt Vol 1
PhotoArt Vol 2
PhotoArt Vol 3
PIF DESIGNER2.1
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ROUTE 66 Sync
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scansoft PDF Professional
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Windows Media Encoder (KB2447961)
Segoe UI
Serif CraftArtist 2 Professional
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Scrapbooks Collection
Serif CraftArtist Wedding Days Collection
Serif Digital Scrapbook Artist
Serif Digital Scrapbook Artist 2
Serif Photo Projects 2
Software Director
SpeedyPC Pro
SureThing CD Labeler - Stomper Edition 32 bit
Synaptics Pointing Device Driver
Tearstone Game
The Mirror Mysteries
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Vodafone Mobile Broadband
VT Transaction+
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinZip 16.5
.
==== End Of File ===========================


Thanks in anticipation, Diane

PS I have been in touch with Safecart.com by phone and, thankfully, they have cancelled the auto renewal and also refunded my money. :o
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm
Advertisement
Register to Remove

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » January 24th, 2013, 6:15 pm

Hello diggerdi, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » January 26th, 2013, 12:44 am

Greetings diggerdi,


Can you tell me what this computer is used for?


SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *SpeedyPC*
    
    :folderfind
    *SpeedyPC*
    
    :Regfind
    SpeedyPC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Answer to my Question about computer usage.
  2. Contents of Systemlook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby diggerdi » January 26th, 2013, 5:57 pm

Hi wbg

Thanks for getting back to me.

The computer is used purely for leisure. I use it mainly for surfing the web and also for papercraft use (cardmaking & scrapbooking). I have an external hard drive which I connect which has quite a lot of papercrafting programmes/cds on it.

Here is the log.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:49 on 26/01/2013 by Diane
Administrator - Elevation successful

========== filefind ==========

Searching for "*SpeedyPC*"
C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe --a---- 680704 bytes [22:20 28/12/2012] [22:20 28/12/2012] 8D11F79D5E8789D91BAA45DC5C56D93A
C:\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe --a---- 4642560 bytes [22:20 28/12/2012] [22:20 28/12/2012] 58A8DE1914AE84E369A4BC0F6A60C33B
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software\SpeedyPC Pro\SpeedyPC Pro.lnk --a---- 1040 bytes [15:48 19/01/2013] [15:48 19/01/2013] F6AEBAFFC3AF7A5602F259D2CB98D116
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software\SpeedyPC Pro\Uninstall SpeedyPC Pro.lnk --a---- 1045 bytes [15:48 19/01/2013] [15:48 19/01/2013] 65A380065B1E50EDF53D5682CF8EBB64
C:\Users\Diane\Downloads\SpeedyPC Pro Installer_5b714c44_.exe --a---- 5026936 bytes [15:46 19/01/2013] [15:47 19/01/2013] EC14B17A66289D84B68BBE34A2DECACB
C:\Windows\System32\Tasks\SpeedyPC Pro --a---- 3316 bytes [15:47 19/01/2013] [15:47 19/01/2013] E1AF02112BCB67B40F8A9DCFF7688903
C:\Windows\System32\Tasks\SpeedyPC Registration3 --a---- 3132 bytes [15:48 19/01/2013] [15:48 19/01/2013] D7B141E29010A2EF88B61E647341F7A1
C:\Windows\System32\Tasks\SpeedyPC Update Version3 --a---- 3250 bytes [15:47 19/01/2013] [15:48 19/01/2013] 8C80FD9F6578D6DD72624A19331DF779
C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task --a---- 2918 bytes [15:47 19/01/2013] [15:48 19/01/2013] B32E29213AEDD8720A32C742039C5E4C
C:\Windows\Tasks\SpeedyPC Pro.job --a---- 396 bytes [15:47 19/01/2013] [16:06 19/01/2013] 917B9F514A93683FD04FB91FF4C5F692
C:\Windows\Tasks\SpeedyPC Registration3.job --a---- 468 bytes [15:48 19/01/2013] [18:00 26/01/2013] 7343914B300EF6BE732DFF923F7DF3BE
C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job --a---- 492 bytes [15:47 19/01/2013] [16:02 26/01/2013] E9E791782DCEF321A108990C8FB66E02
C:\Windows\Tasks\SpeedyPC Update Version3.job --a---- 440 bytes [15:47 19/01/2013] [16:06 19/01/2013] EB43266B96893F78D76BAEC5E7B6C1BC

========== folderfind ==========

Searching for "*SpeedyPC*"
C:\Program Files\SpeedyPC Software d------ [15:47 19/01/2013]
C:\Program Files\Common Files\SpeedyPC Software d------ [15:47 19/01/2013]
C:\Program Files\SpeedyPC Software\SpeedyPC d------ [15:47 19/01/2013]
C:\ProgramData\SpeedyPC Software d------ [15:47 19/01/2013]
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro d------ [15:47 19/01/2013]
C:\ProgramData\SpeedyPC Software\UUS3\SpeedyPC d------ [15:47 19/01/2013]
C:\Users\All Users\SpeedyPC Software d------ [15:47 19/01/2013]
C:\Users\All Users\SpeedyPC Software\SpeedyPC Pro d------ [15:47 19/01/2013]
C:\Users\All Users\SpeedyPC Software\UUS3\SpeedyPC d------ [15:47 19/01/2013]
C:\Users\Diane\AppData\Roaming\SpeedyPC Software d------ [15:48 19/01/2013]
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software d------ [15:48 19/01/2013]
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software\SpeedyPC Pro d------ [15:48 19/01/2013]
C:\Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro d------ [15:48 19/01/2013]

========== Regfind ==========

Searching for "SpeedyPC"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software\SpeedyPC Pro]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="%programfiles%\SpeedyPC Software\1"
[HKEY_CURRENT_USER\Software\SpeedyPC Software]
[HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC Pro]
[HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC UNS]
[HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC UNS\SpeedyPC Pro]
[HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC UNS\SpeedyPC Pro]
"SettingsFilename"="C:\Program Files\SpeedyPC Software\SpeedyPC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD2C2C47-0FDB-4980-B215-40FA21A65392}\1SpeedyPC Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD2C2C47-0FDB-4980-B215-40FA21A65392}\1SpeedyPC Software\SpeedyPC Pro]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"InstallLocation"="C:\Program Files\SpeedyPC Software\SpeedyPC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"DisplayName"="SpeedyPC Pro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"DisplayIcon"="C:\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"UninstallString"="C:\Program Files\SpeedyPC Software\SpeedyPC\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"URLInfoAbout"="http://www.speedypc.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
"Publisher"="SpeedyPC Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6264BD8E-2E55-43E8-BA09-D4737221452B}]
"Path"="\SpeedyPC Update Version3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC9AFE1-0041-4271-9428-FCF93E4AD0D3}]
"Path"="\SpeedyPC Registration3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C08B69C5-FE18-4EA7-BCBB-B79BA28D037B}]
"Path"="\SpeedyPC Update Version3 Startup Task"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E30CCBCD-0336-46E7-B05D-F895AA2DA74F}]
"Path"="\SpeedyPC Pro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Registration3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3 Startup Task]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\SpeedyPC Pro]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\UUS3]
"path"="C:\Program Files\Common Files\SpeedyPC Software\UUS3"
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\UUS3\Preset\SpeedyPC]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\UUS3\Preset\SpeedyPC]
"AppExe"="C:\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software\SpeedyPC Pro]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="%programfiles%\SpeedyPC Software\1"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software\SpeedyPC Pro]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software\SpeedyPC UNS]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software\SpeedyPC UNS\SpeedyPC Pro]
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software\SpeedyPC UNS\SpeedyPC Pro]
"SettingsFilename"="C:\Program Files\SpeedyPC Software\SpeedyPC"

-= EOF =-

I had no problems at all executing the instructions. They were very clear, thank you.

Diane
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » January 27th, 2013, 6:25 pm

Greetings diggerdi,


Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    control appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Babylon toolbar
    BabylonObjectInstaller
    Java(TM) 6 Update 33
    SpeedyPC Pro
  4. Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.

Note: If SpeedyPC Pro does not uninstall, we will take care of it.


Step 2.
Run OTL Script

We need to run an OTL Fix
  • Please download OTL ... by Old Timer . Save it to your Desktop.
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
    @=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
    "a"=-
    [-HKEY_CURRENT_USER\Software\SpeedyPC Software]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD2C2C47-0FDB-4980-B215-40FA21A65392}\1SpeedyPC Software]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "DisplayIcon"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "UninstallString"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "URLInfoAbout"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6264BD8E-2E55-43E8-BA09-D4737221452B}]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC9AFE1-0041-4271-9428-FCF93E4AD0D3}]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C08B69C5-FE18-4EA7-BCBB-B79BA28D037B}]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E30CCBCD-0336-46E7-B05D-F895AA2DA74F}]
    "Path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Registration3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3 Startup Task]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\UUS3]
    [HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
    @=-
    [-HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software]
    [HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
    "a"=-
    [-HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software]
    
    :Files
    C:\Users\Diane\Downloads\SpeedyPC Pro Installer_5b714c44_.exe
    C:\Windows\System32\Tasks\SpeedyPC Pro
    C:\Windows\System32\Tasks\SpeedyPC Registration3
    C:\Windows\System32\Tasks\SpeedyPC Update Version3
    C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
    C:\Windows\Tasks\SpeedyPC Pro.job
    C:\Windows\Tasks\SpeedyPC Registration3.job
    C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    C:\Windows\Tasks\SpeedyPC Update Version3.job
    C:\Program Files\SpeedyPC Software
    C:\Program Files\Common Files\SpeedyPC Software
    C:\Program Files\SpeedyPC Software\SpeedyPC
    C:\ProgramData\SpeedyPC Software
    C:\ProgramData\SpeedyPC Software\SpeedyPC Pro
    C:\ProgramData\SpeedyPC Software\UUS3\SpeedyPC
    C:\Users\All Users\SpeedyPC Software
    C:\Users\All Users\SpeedyPC Software\SpeedyPC Pro
    C:\Users\All Users\SpeedyPC Software\UUS3\SpeedyPC
    C:\Users\Diane\AppData\Roaming\SpeedyPC Software
    C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    C:\Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 3.
SystemLook
  • Double-click SystemLook.exe to run it. It should still be on your desktop.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *SpeedyPC*
    
    :folderfind
    *SpeedyPC*
    
    :Regfind
    SpeedyPC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of OTL.txt log
  2. Contents of Systemlook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby diggerdi » January 28th, 2013, 5:04 pm

Hi wbg

OTL.txt log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\\a not found.
Registry key HKEY_CURRENT_USER\Software\SpeedyPC Software\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD2C2C47-0FDB-4980-B215-40FA21A65392}\1SpeedyPC Software\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6264BD8E-2E55-43E8-BA09-D4737221452B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC9AFE1-0041-4271-9428-FCF93E4AD0D3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C08B69C5-FE18-4EA7-BCBB-B79BA28D037B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E30CCBCD-0336-46E7-B05D-F895AA2DA74F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Registration3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3 Startup Task\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpeedyPC Software\UUS3\ not found.
Registry value HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0\\@ not found.
Registry key HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpeedyPC Software\ not found.
Registry value HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\\a not found.
Registry key HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\SpeedyPC Software\ not found.
========== FILES ==========
File\Folder C:\Users\Diane\Downloads\SpeedyPC Pro Installer_5b714c44_.exe not found.
File\Folder C:\Windows\System32\Tasks\SpeedyPC Pro not found.
File\Folder C:\Windows\System32\Tasks\SpeedyPC Registration3 not found.
File\Folder C:\Windows\System32\Tasks\SpeedyPC Update Version3 not found.
File\Folder C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task not found.
File\Folder C:\Windows\Tasks\SpeedyPC Pro.job not found.
File\Folder C:\Windows\Tasks\SpeedyPC Registration3.job not found.
File\Folder C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job not found.
File\Folder C:\Windows\Tasks\SpeedyPC Update Version3.job not found.
File\Folder C:\Program Files\SpeedyPC Software not found.
File\Folder C:\Program Files\Common Files\SpeedyPC Software not found.
File\Folder C:\Program Files\SpeedyPC Software\SpeedyPC not found.
File\Folder C:\ProgramData\SpeedyPC Software not found.
File\Folder C:\ProgramData\SpeedyPC Software\SpeedyPC Pro not found.
File\Folder C:\ProgramData\SpeedyPC Software\UUS3\SpeedyPC not found.
File\Folder C:\Users\All Users\SpeedyPC Software not found.
File\Folder C:\Users\All Users\SpeedyPC Software\SpeedyPC Pro not found.
File\Folder C:\Users\All Users\SpeedyPC Software\UUS3\SpeedyPC not found.
File\Folder C:\Users\Diane\AppData\Roaming\SpeedyPC Software not found.
File\Folder C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software not found.
File\Folder C:\Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Diane
->Temp folder emptied: 705297 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6421077 bytes
->Flash cache emptied: 63707 bytes

User: Public

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93761280 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 169883230 bytes

Total Files Cleaned = 258.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01282013_201944

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Systemlook.txt log

SystemLook 30.07.11 by jpshortstuff
Log created at 20:33 on 28/01/2013 by Diane
Administrator - Elevation successful

No Context: filefind

No Context: *SpeedyPC*

========== folderfind ==========

Searching for "*SpeedyPC*"
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software\SpeedyPC Pro d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software d------ [15:48 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro d------ [15:48 19/01/2013]

========== Regfind ==========

Searching for "SpeedyPC"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"="SpeedPC Software Update"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"="SpeedPC Software Update"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"="SpeedPC Software Update"

-= EOF =-

I did have one or two problems. Whilst running the OTLfix, my computer froze, then I got a Windows error message and Windows closed down. All I had on the screen was my wallpaper picture, so I had to CTRL-ALT-DEL to close the computer down. I restarted and it seemed to work that time.

Whilst running the Systemlook the computer froze again and I couldn't even CTRL-ALT-DEL, I had to downpower using the on/off button, and it took quite a while for the computer to shut down. Once restarted, the log seemed to run OK. I am sure that you will be able to tell if everything has worked correctly.

Thanks again for helping

Diane
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » January 30th, 2013, 1:21 am

Greetings diggerdi,

diggerdi wrote:I did have one or two problems. Whilst running the OTLfix, my computer froze, then I got a Windows error message and Windows closed down. All I had on the screen was my wallpaper picture, so I had to CTRL-ALT-DEL to close the computer down. I restarted and it seemed to work that time.

Whilst running the Systemlook the computer froze again and I couldn't even CTRL-ALT-DEL, I had to downpower using the on/off button, and it took quite a while for the computer to shut down. Once restarted, the log seemed to run OK. I am sure that you will be able to tell if everything has worked correctly.
Thank you for the feedback on how the program is working. These things do happen sometimes while removing malware or rogue programs.


Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"=-
    [HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
    @=-
    [HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"=-
    [HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe"=-
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
SystemLook
  • Double-click SystemLook.exe to run it. It should still be on your desktop.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *SpeedyPC*
    
    :folderfind
    *SpeedyPC*
    
    :Regfind
    SpeedyPC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of OTL.txt log
  2. Contents of Systemlook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby diggerdi » January 30th, 2013, 3:39 pm

Hi wbg

Here are the logs requested. No problems this time.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0\\@ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0\\@ not found.
Registry value HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe not found.
Registry value HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Diane
->Temp folder emptied: 1455835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 204347133 bytes
->Google Chrome cache emptied: 44942584 bytes
->Flash cache emptied: 2151 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107681 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 239.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302013_192210

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 19:31 on 30/01/2013 by Diane
Administrator - Elevation successful

========== filefind ==========

Searching for "*SpeedyPC*"
C:\Windows\Prefetch\SPEEDYPC.EXE-A1136DCC.pf --a---- 52588 bytes [20:01 28/01/2013] [20:01 28/01/2013] 00CD25BC1C40EBAABE14A34ED292ED59
C:\Windows\Prefetch\SPEEDYPC_UPDATE3.EXE-21ABCD44.pf --a---- 21290 bytes [20:01 28/01/2013] [20:01 28/01/2013] 74B33151AEDBED71B09723E6BA848F71
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\Downloads\SpeedyPC Pro Installer_5b714c44_.exe --a---- 5026936 bytes [15:46 19/01/2013] [15:47 19/01/2013] EC14B17A66289D84B68BBE34A2DECACB

========== folderfind ==========

Searching for "*SpeedyPC*"
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software\SpeedyPC Pro d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software d------ [15:48 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro d------ [15:48 19/01/2013]

========== Regfind ==========

Searching for "SpeedyPC"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1723541559-3248266920-1265630894-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
@="{0.0.0.00000000}.{0aea5c7a-52f7-4cc9-bba8-ebebe1b0b022}|\Device\HarddiskVolume2\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe%b{00000000-0000-0000-0000-000000000000}"

-= EOF =-

Regards

Diane
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » January 31st, 2013, 10:24 pm

Greetings diggerdi,

Same as last time.

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0]
    
    :files
    C:\Windows\Prefetch\SPEEDYPC.EXE-A1136DCC.pf
    C:\Windows\Prefetch\SPEEDYPC_UPDATE3.EXE-21ABCD44.pf
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
SystemLook
  • Double-click SystemLook.exe to run it. It should still be on your desktop.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *SpeedyPC*
    
    :folderfind
    *SpeedyPC*
    
    :Regfind
    SpeedyPC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of OTL.txt log
  2. Contents of Systemlook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby diggerdi » February 1st, 2013, 4:29 pm

Hi wbg

OTL.exe log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6bfbb96b_0\ deleted successfully.
========== FILES ==========
C:\Windows\Prefetch\SPEEDYPC.EXE-A1136DCC.pf moved successfully.
C:\Windows\Prefetch\SPEEDYPC_UPDATE3.EXE-21ABCD44.pf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Diane
->Temp folder emptied: 1178303 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 356967922 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6174 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77660 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 342.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012013_201207

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 20:20 on 01/02/2013 by Diane
Administrator - Elevation successful

========== filefind ==========

Searching for "*SpeedyPC*"
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\Downloads\SpeedyPC Pro Installer_5b714c44_.exe --a---- 5026936 bytes [15:46 19/01/2013] [15:47 19/01/2013] EC14B17A66289D84B68BBE34A2DECACB
C:\_OTL\MovedFiles\02012013_201207\C_Windows\Prefetch\SPEEDYPC.EXE-A1136DCC.pf --a---- 52588 bytes [20:01 28/01/2013] [20:01 28/01/2013] 00CD25BC1C40EBAABE14A34ED292ED59
C:\_OTL\MovedFiles\02012013_201207\C_Windows\Prefetch\SPEEDYPC_UPDATE3.EXE-21ABCD44.pf --a---- 21290 bytes [20:01 28/01/2013] [20:01 28/01/2013] 74B33151AEDBED71B09723E6BA848F71

========== folderfind ==========

Searching for "*SpeedyPC*"
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_ProgramData\SpeedyPC Software\SpeedyPC Pro d------ [15:47 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software d------ [15:48 19/01/2013]
C:\_OTL\MovedFiles\01282013_200420\C_Users\Diane\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro d------ [15:48 19/01/2013]

========== Regfind ==========

Searching for "SpeedyPC"
No data found.

-= EOF =-

No problems encountered.

Many thanks again for your help.

Diane
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » February 3rd, 2013, 12:35 pm

Hello diggerdi,

Please run the following:


Step 1.
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select " Run as administrator " to run it. If prompted by the UAC, allow it to run.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Uncheck Enable free trial of Malwarebytes Anti-malware PRO (You can activate this when we've finished, if you wish)
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Step 2.
OTL
Please run OTL as it should still be on your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Contents of mbam-log-date (time).txt log
  2. Contents of OTL.txt log
  3. Contents of Extras.txt log
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby wannabeageek » February 5th, 2013, 11:55 pm

Hi diggerdi,

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Been stupid and installed some dodgy software

Unread postby deltalima » February 6th, 2013, 5:06 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware