Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Regclean Pro

Post by ih8bills111 » August 16th, 2014, 8:42 pm

:roll:
My girlfriend's PC recently became infected with "RegClean Pro" -- which is a pain. Pop-ups / problems with browsers / slow performance / errors for no reason...
We are running Malwarebytes -- which removed MOST of it, I think -- but I would like someone to examine our logs and determine if EVERYTHING is removed, please?
I would greatly appreciate it...


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/15/2014 9:49:46 PM
System Uptime: 8/16/2014 8:10:53 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Microprocessor | 1795/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 223 GiB total, 191.06 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 10 GiB total, 9.657 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 8/15/2014 9:53:39 PM - Windows Update
RP9: 8/15/2014 10:11:14 PM - avast! antivirus system restore point
RP10: 8/15/2014 10:16:17 PM - Online Armor installation
RP12: 8/15/2014 10:22:49 PM - Revo Uninstaller's restore point - Online Armor 6.0
RP13: 8/15/2014 10:31:45 PM - Online Armor installation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Shockwave Player 12.1
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
avast! Free Antivirus
CCleaner
Clickfree Easy Image
Conexant D850 PCI V.92 Modem
Diskeeper 12 Home
Ditto
DriverUpdate
FileHippo.com Update Checker
Foxit Reader
GIMP 2.8.4
HP Photo Creations
HP Photosmart 6520 series Basic Device Software
HP Photosmart 6520 series Help
HP Photosmart 6520 series Product Improvement Study
HP Update
HPDiagnosticAlert
IDT Audio
Intel(R) Chipset Device Software
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 18.7.28.0
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 67
Java Auto Updater
Kingsoft Office 2012 (8.1.0.3385)
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
Notepad++
Online Armor 7.0
PrintMaster Platinum 18.1
Quick Blackjack 3.0 (remove only)
Quick Cribbage 3.5 (remove only)
Quick Poker 3.3 (remove only)
Revo Uninstaller 1.95
RoboForm 7-9-8-5 (All Users)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Speccy
Stickies 7.1e
SUPERAntiSpyware
swMSM
Unlocker 1.9.2
VC_CRT_x86
Visual Studio 2012 x86 Redistributables
Wise Disk Cleaner 7.93
Wise Registry Cleaner 8.21
.
==== Event Viewer Messages From Past Week ========
.
8/16/2014 8:12:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/16/2014 8:12:05 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
8/15/2014 9:41:40 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.
8/15/2014 9:37:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070422'. Restart your computer, and then try to restart the service.
8/15/2014 9:30:17 PM, Error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/15/2014 9:29:33 PM, Error: Service Control Manager [7030] - The Foxit Cloud Safe Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/15/2014 7:57:14 PM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: avast! HardwareID is not a valid Win32 application.
8/15/2014 7:56:56 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.5.0 service failed to start due to the following error: The system cannot find the path specified.
8/15/2014 7:54:37 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/15/2014 7:33:28 PM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: Access is denied.
8/15/2014 6:33:56 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
8/15/2014 6:33:56 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: A system shutdown is in progress.
8/15/2014 6:33:56 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
8/15/2014 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/15/2014 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/15/2014 6:33:44 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/15/2014 6:32:19 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:32:19 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:32:19 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:32:19 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/15/2014 6:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/15/2014 11:13:33 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} as /. The error: "5" Happened while starting this command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
8/15/2014 10:07:13 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
8/14/2014 6:28:42 AM, Error: Service Control Manager [7000] - The MBAMWebAccessControl service failed to start due to the following error: Access is denied.
8/14/2014 6:28:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================





DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.67.2
Run by Karen at 20:29:56 on 2014-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.1570 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\oaui.exe
C:\ProgramData\Clickfree\cfagent.exe
C:\Program Files\Ditto\Ditto.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Stickies\stickies.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ClickfreeMonitor] c:\programdata\clickfree\cfagent.exe
uRun: [Ditto] c:\program files\ditto\Ditto.exe
uRun: [FibReminder] c:\programdata\clickfree\fullimagingbackup\FibReminder.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{BC9BE4E4-0D4B-43EB-84D0-550E57EB56D1} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\profiles\pz3xfuyv.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-9 192352]
R0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys [2014-2-2 35120]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys [2014-2-2 85328]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2013-7-20 526392]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2013-7-20 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-9 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-9 414520]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-16 74456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2014-8-15 210360]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2014-8-15 44984]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2014-8-15 34856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-9 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-9 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-8-9 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-9 50344]
R2 FibUacService;FibUacService;c:\programdata\clickfree\fullimagingbackup\FibUac.exe [2013-2-17 37192]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-10 241728]
R2 FullImagingService;FullImagingService;c:\programdata\clickfree\fullimagingbackup\FullImagingService.exe [2013-2-17 235848]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-7-20 14904]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2013-7-30 133888]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-3 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-3 860472]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2014-8-15 584864]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2014-8-15 4457688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-3 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-3 51928]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2014-8-15 31760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2014-2-2 44496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-15 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-10 14848]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-5 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-3 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
.
=============== Created Last 30 ================
.
2014-08-16 05:08:47 -------- d-----w- c:\windows\Panther
2014-08-16 04:54:58 -------- d--h--w- C:\$WINDOWS.~Q
2014-08-16 04:52:06 -------- d--h--w- C:\$INPLACE.~TR
2014-08-16 02:32:44 -------- d-----w- c:\users\karen\appdata\roaming\OnlineArmor
2014-08-16 02:32:44 -------- d-----w- c:\programdata\OnlineArmor
2014-08-16 02:31:36 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2014-08-16 02:31:36 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys
2014-08-16 02:31:36 31760 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-08-16 02:31:36 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys
2014-08-16 02:31:33 -------- d-----w- c:\program files\Online Armor
2014-08-16 02:02:39 -------- d-----w- c:\users\karen\appdata\local\ElevatedDiagnostics
2014-08-16 01:53:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-16 01:53:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-16 01:53:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-08-16 01:43:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-16 01:43:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-16 01:43:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-16 01:43:37 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-16 01:14:54 -------- d-----w- c:\windows\system32\URTTEMP
2014-08-16 01:14:44 -------- d-sh--w- c:\windows\Installer
2014-08-16 01:12:48 -------- d-----w- c:\program files\CONEXANT
2014-08-15 23:12:50 60416 ------w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 23:12:50 51200 ------w- c:\windows\system32\ieetwproxystub.dll
2014-08-15 23:12:50 108032 ------w- c:\windows\system32\ieetwcollector.exe
2014-08-15 23:12:49 646144 ------w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 23:12:43 4096 ------w- c:\windows\system32\ieetwcollectorres.dll
2014-08-15 23:12:37 1068032 ------w- c:\windows\system32\mshtmlmedia.dll
2014-08-15 23:12:36 61952 ------w- c:\windows\system32\MshtmlDac.dll
2014-08-15 23:12:34 597504 ------w- c:\windows\system32\jscript9diag.dll
2014-08-15 23:12:32 4204032 ------w- c:\windows\system32\jscript9.dll
2014-08-15 23:08:20 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a1d8be17-a148-4f06-af1b-c6d9b7b55cb8}\mpengine.dll
2014-08-15 17:03:24 -------- d-----w- c:\users\karen\New folder (2)
2014-08-14 12:11:40 -------- d-----w- C:\Cher
2014-08-14 00:06:35 -------- d-----w- c:\windows\windows microsoft
2014-08-13 19:30:03 -------- d-----w- c:\users\karen\appdata\local\Diagnostics
2014-08-12 09:34:23 -------- d-----w- C:\paul barnum
2014-08-11 22:16:50 -------- d-----w- C:\VIPRERESCUE
2014-08-11 09:36:27 -------- d-----w- c:\users\karen\karen 2
2014-08-11 02:29:16 -------- d-----w- c:\users\karen\appdata\local\Systweak
2014-08-11 02:26:02 -------- d-----w- c:\programdata\Systweak
2014-08-11 01:58:05 -------- d-----w- c:\users\karen\appdata\roaming\ASP
2014-08-11 01:09:51 -------- d-----w- c:\users\karen\appdata\roaming\Systweak
2014-08-11 01:09:40 18280 ----a-w- c:\windows\system32\roboot.exe
2014-08-10 13:11:49 -------- d-----w- c:\users\karen\appdata\roaming\OpenDNS Updater
2014-08-10 01:12:52 -------- d-----w- c:\users\karen\appdata\roaming\AVAST Software
2014-08-10 01:11:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-10 01:11:47 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-10 01:11:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 01:11:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 01:11:45 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-10 01:11:45 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-10 01:11:45 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 01:11:36 43152 ----a-w- c:\windows\avastSS.scr
2014-08-10 01:09:38 -------- d-----w- c:\program files\AVAST Software
2014-08-07 14:24:53 4251648 ----a-w- c:\windows\system32\STLang.dll
2014-08-07 14:24:53 290898 ----a-w- c:\windows\system32\STacSV.exe
2014-08-07 14:23:29 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2014-08-07 14:23:28 417280 ----a-w- c:\windows\system32\stcplx.dll
2014-08-07 14:23:28 1278976 ----a-w- c:\windows\system32\stapo.dll
2014-08-07 14:23:27 207360 ----a-w- c:\windows\system32\st326224.dll
2014-08-07 14:23:20 -------- d-----w- c:\program files\IDT
2014-08-06 20:21:09 -------- d-----w- c:\programdata\SlimWare Utilities, Inc
2014-08-06 20:15:46 -------- d-----w- c:\program files\DriverUpdate
2014-08-05 23:10:39 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-30 04:15:28 2876528 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2014-07-30 04:15:19 42168 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
.
==================== Find3M ====================
.
2014-08-17 00:14:34 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-16 02:27:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-08-10 14:26:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-10 14:26:00 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-28 12:11:40 4765152 ----a-w- c:\program files\ccsetup411(2).exe
2014-02-28 12:11:19 4765152 ----a-w- c:\program files\ccsetup411(1).exe
2014-02-28 12:08:08 4765152 ----a-w- c:\program files\ccsetup411.exe
.
============= FINISH: 20:32:58.65 ===============
ih8bills111
Active Member
 
Posts: 8
Joined: August 11th, 2014, 7:39 am

Re: Regclean Pro

Post by Cypher » August 17th, 2014, 6:43 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Now click on Create.
  • Give the new restore point a name like "Start Fix", then click Create again.
  • Now click OK.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
SUPERAntiSpyware
Wise Registry Cleaner 8.21


Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Regclean Pro

Unread postby ih8bills111 » August 17th, 2014, 8:55 am

AdwCleaner[S3] 111.txt
Greetings Cypher--
Thank you !

I am no 'noob' to the process of removal-- and will follow all directions.

logs will be attached-- as they are too long to paste
ih8bills111
Active Member
 
Posts: 8
Joined: August 11th, 2014, 7:39 am

Re: Regclean Pro

Unread postby ih8bills111 » August 17th, 2014, 9:14 am

P.S-- I did not -- at 1st see your instruction to remove Super Anti Spyware and Wise Registry Cleaner. Both have now been removed.
ih8bills111
Active Member
 
Posts: 8
Joined: August 11th, 2014, 7:39 am

Re: Regclean Pro

Unread postby Cypher » August 17th, 2014, 10:22 am

Hi,
Greetings Cypher--
Thank you !
You're most welcome.
Continue with the instructions below please.
When done let me know how the computer is running, any problems?

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1094\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1093\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM - {37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ASP^xdm002^YYA^us&si=CLK5xMvQlLkCFQ9dQgodz3cAFg&ptb=815B7B60-2C24-4527-8A51-42FB0B5384C0&ind=2013082617&n=77fd33f9&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZU^xdm458^YY^us&si=CLiTvJPfjLgCFaU5QgodyyUABQ&ptb=C2EB8D21-DBC9-4E2B-AD37-997098EB8D54&ind=2013063017&n=77fce769&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - 0C5BE7CDEBD8478EB78EFB6B2F64CE48 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCyCtAtBtByByDyBzyyByCtN0D0Tzu0SyBtDtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1312760932&ir=
    SearchScopes: HKCU - {37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff} URL = 
    SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = 
    SearchScopes: HKCU - {EAAF677B-51E4-41EE-AB3C-B2C434150565} URL = https://duckduckgo.com/?q={searchTerms}
    Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-08-15 21:28 - 2013-03-03 15:39 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Wise Registry Cleaner
    2014-08-15 21:20 - 2013-02-07 14:24 - 00000000 ____D () C:\Program Files\Wise
    C:\Users\Karen\AppData\Local\Temp\Quarantine.exe
    Task: {086E8E0B-3A02-4EA3-94CF-94F1B05178F6} - System32\Tasks\Registry Optimizer => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    Task: {2D62DABF-97E6-4A25-A8BD-439678898CDA} - \SidebarExecute No Task File <==== ATTENTION
    Task: {6ADFB7F8-767A-4720-BD86-077F7DAF8A62} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    Task: {B47F3D30-9D37-43BC-885C-06147A7930FC} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    Task: C:\Windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe as filename fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • fixlist.txt.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Regclean Pro

Unread postby ih8bills111 » August 17th, 2014, 12:04 pm

Logs follow-- PC seems better.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Karen at 2014-08-17 10:56:15 Run:1
Running from C:\Users\Karen\Desktop\FixIt Folder
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1094\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1093\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - {37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ASP^xdm002^YYA^us&si=CLK5xMvQlLkCFQ9dQgodz3cAFg&ptb=815B7B60-2C24-4527-8A51-42FB0B5384C0&ind=2013082617&n=77fd33f9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^ZU^xdm458^YY^us&si=CLiTvJPfjLgCFaU5QgodyyUABQ&ptb=C2EB8D21-DBC9-4E2B-AD37-997098EB8D54&ind=2013063017&n=77fce769&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - 0C5BE7CDEBD8478EB78EFB6B2F64CE48 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCyCtAtBtByByDyBzyyByCtN0D0Tzu0SyBtDtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1312760932&ir=
SearchScopes: HKCU - {37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff} URL =
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL =
SearchScopes: HKCU - {EAAF677B-51E4-41EE-AB3C-B2C434150565} URL = https://duckduckgo.com/?q={searchTerms}
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-15 21:28 - 2013-03-03 15:39 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Wise Registry Cleaner
2014-08-15 21:20 - 2013-02-07 14:24 - 00000000 ____D () C:\Program Files\Wise
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe
Task: {086E8E0B-3A02-4EA3-94CF-94F1B05178F6} - System32\Tasks\Registry Optimizer => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: {2D62DABF-97E6-4A25-A8BD-439678898CDA} - \SidebarExecute No Task File <==== ATTENTION
Task: {6ADFB7F8-767A-4720-BD86-077F7DAF8A62} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: {B47F3D30-9D37-43BC-885C-06147A7930FC} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe

EmptyTemp:
CMD: ipconfig /flushdns


*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1094\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3499379357-965745774-4099936827-1093\User => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key deleted successfully.
"HKCR\CLSID\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}" => Key deleted successfully.
"HKCR\CLSID\{acbd5593-e5ee-4c15-b48f-1823ce819dec}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0C5BE7CDEBD8478EB78EFB6B2F64CE48" => Key deleted successfully.
"HKCR\CLSID\0C5BE7CDEBD8478EB78EFB6B2F64CE48" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key deleted successfully.
"HKCR\CLSID\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}" => Key deleted successfully.
"HKCR\CLSID\{acbd5593-e5ee-4c15-b48f-1823ce819dec}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EAAF677B-51E4-41EE-AB3C-B2C434150565}" => Key deleted successfully.
"HKCR\CLSID\{EAAF677B-51E4-41EE-AB3C-B2C434150565}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\Karen\AppData\Roaming\Wise Registry Cleaner" => File/Directory not found.
"C:\Program Files\Wise" => File/Directory not found.
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{086E8E0B-3A02-4EA3-94CF-94F1B05178F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{086E8E0B-3A02-4EA3-94CF-94F1B05178F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Registry Optimizer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D62DABF-97E6-4A25-A8BD-439678898CDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D62DABF-97E6-4A25-A8BD-439678898CDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ADFB7F8-767A-4720-BD86-077F7DAF8A62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ADFB7F8-767A-4720-BD86-077F7DAF8A62}" => Key deleted successfully.
C:\Windows\System32\Tasks\Registry Optimizer_DEFAULT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_DEFAULT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B47F3D30-9D37-43BC-885C-06147A7930FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47F3D30-9D37-43BC-885C-06147A7930FC}" => Key deleted successfully.
C:\Windows\System32\Tasks\Registry Optimizer_UPDATES => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_UPDATES" => Key deleted successfully.
C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => Moved successfully.
C:\Windows\Tasks\Registry Optimizer_UPDATES.job => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 77.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Karen\AppData\Roaming\ASP\aspsetup.exe.vir MSIL/AdvancedSystemProtector.E potentially unwanted application deleted - quarantined
C:\Program Files\ccsetup411(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Program Files\ccsetup411(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Program Files\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\FoxitReader614.0217_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\rcp_280710483826096075.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
C:\Users\Karen\Desktop\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
ih8bills111
Active Member
 
Posts: 8
Joined: August 11th, 2014, 7:39 am
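As an added example (not part of the thread and not FRST's own code), the Fixlog posted above can be checked mechanically: the script skips the fixlist echoed between the two rows of asterisks, then tallies each `=>` result line by target type and outcome and lists any outcome it does not recognise. The function names and the final sample line are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the Fixlog.txt posted above (a subset). The last result
# line is constructed, with made-up wording, to exercise the "review" path.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe
Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
EmptyTemp:
*****************
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key deleted successfully.
"HKCR\CLSID\{37629e8f-fa4e-4cef-8ad3-0dbd2eb0dcff}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"C:\Program Files\Wise" => File/Directory not found.
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => Moved successfully.
EmptyTemp: => Removed 77.7 MB temporary data.
C:\Example\constructed.dll => Outcome text this script does not recognise.
==== End of Fixlog ====
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
STATUS = {
    "Moved successfully": "moved",
    "Key deleted successfully": "deleted",
    "value deleted successfully": "deleted",
    "Key not found": "absent",
    "File/Directory not found": "absent",
}

def classify(outcome):
    """Map an outcome string seen in the posted log to a coarse status."""
    if outcome in STATUS:
        return STATUS[outcome]
    return "removed" if outcome.startswith("Removed ") else "review"

def kind(target):
    """Registry key, file-system path, or anything else (e.g. EmptyTemp:)."""
    if re.match(r'HK(LM|CU|CR|U)\\', target):
        return "registry"
    return "file" if re.match(r'[A-Za-z]:\\', target) else "other"

def parse_fixlog(text):
    """Return result entries, ignoring the fixlist echoed between the
    two rows of asterisks (its Task: lines also contain ' => ')."""
    entries, fences = [], 0
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r'\*{5,}', line):
            fences += 1
        elif fences >= 2 and (m := RESULT.match(line)):
            entries.append({"target": m["target"], "kind": kind(m["target"]),
                            "status": classify(m["outcome"])})
    return entries

def summarize(entries):
    """Count entries per (kind, status) pair."""
    return Counter((e["kind"], e["status"]) for e in entries)

def needs_review(entries):
    """Targets whose outcome text matched none of the known strings."""
    return [e["target"] for e in entries if e["status"] == "review"]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (k, s), n in sorted(summarize(parsed).items()):
        print(f"{k:8} {s:8} {n}")
    print("needs review:", needs_review(parsed))
```

An "absent" status is not a failure by itself: in this thread the Wise folders were not found because the program had already been uninstalled before the fix ran.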

Re: Regclean Pro

Unread postby Cypher » August 17th, 2014, 12:32 pm

Hi,
Looks like you're good to go, your computer appears to be clean of malware.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

I see you had a "Registry Cleaner" installed.
Wise Registry Cleaner 8.21

All programs of this type are a complete and utter waste of time, and usually cause more problems than they ever resolve. The Registry in Windows is remarkably tolerant of "orphans" and will happily run with thousands of them without any measurable drop in performance. However, remove just one wrong Registry entry, and you can easily end up with problems, up to and including an unbootable machine. "Auto fixing" programs do not have a good record for not making errors.

The gain vs risk equation is not a good one, and I strongly recommend you don't reinstall this program.

If you are up for a read you should find This informative.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Regclean Pro

Unread postby ih8bills111 » August 17th, 2014, 1:45 pm

:cheers: Will do sir--- thanks again for your help....
ih8bills111
Active Member
 
Posts: 8
Joined: August 11th, 2014, 7:39 am

Re: Regclean Pro

Unread postby Cypher » August 18th, 2014, 4:54 am

Hi,
thanks again for your help

My pleasure :)
As you have no questions I will close this topic.
Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns