Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Tons of Pop-ups (take 2)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 17th, 2014, 6:55 am

Trying this again since I replied on the last rather then editing when I added my other report files. Sorry about that.

I've ran malwarebytes and advast and cleaned a lot off. Both run clean but I'm still getting pop-ups and new tabs being spawned. Here is my HijackThis log. Can someone help please?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:38:35 PM, on 11/16/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)

FIREFOX: 33.1.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Heidi\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q= {searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80114
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q= {searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80114
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
R3 - URLSearchHook: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (file missing)
O2 - BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (file missing)
O2 - BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C :\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v63/bj ... ck/bja.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared ... launch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - http://www.worldwinner.com/games/launch ... wwload.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12766 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 11.25.2
Run by Heidi at 21:34:12 on 2014-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1384 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxps://www.google.com/search?q= {searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?q= {searchTerms}
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80114
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bj ... ck/bja.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared ... launch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launch ... wwload.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C}\3686162796562627F677E6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C}\36861627C696562627F677E6 : DHCPNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
FF - user.js: extensions.nspdlgrvrio.aflt - grv_adk5_14_29
FF - user.js: extensions.nspdlgrvrio.instlRef - grv_adk5_14_29
FF - user.js: extensions.nspdlgrvrio.cr - 892784084
FF - user.js: extensions.nspdlgrvrio.cd - 2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 535139&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_cmi_14_4 ... 535139&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_cmi_14_4 ... 139&ir=&q=
FF - user.js: extensions.srchvstrn.id - 2EEEE6AA172BD7EC
FF - user.js: extensions.srchvstrn.instlDay - 16388
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 16:7:56
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_cmi_14_46_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_b
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 1120535139
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q
FF - user.js: extensions.srchvstrn.AL - 4
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-15 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-11-15 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-15 436624]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-15 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-15 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-15 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-15 50344]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-3-7 517632]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]
R2 OfficeSvc;Servicio de Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-1-29 1494144]
R2 webinstrT;webinstrT;C:\Windows\System32\drivers\webinstrT.sys [2014-11-14 63696]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-16 228408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-11 36408]
R3 VSBC7;Virtual Serial Bus Enumerator 7 (Eltima Software);C:\Windows\System32\drivers\evsbc7.sys [2012-9-23 36616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-8 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 evserial7;Virtual Serial Ports Driver 7 (Eltima Software);C:\Windows\System32\drivers\evserial7.sys [2012-9-23 71432]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-12-3 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-11 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-16 18:10:58 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D8D4DA-7A67-425B-AD65-E8E127DAD9C0}\offreg.dll
2014-11-16 16:58:13 6231376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-16 16:57:55 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D8D4DA-7A67-425B-AD65-E8E127DAD9C0}\mpengine.dll
2014-11-16 01:30:45 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-16 00:45:51 -------- d-----w- C:\Users\Heidi\AppData\Roaming\AVAST Software
2014-11-16 00:45:05 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-16 00:45:05 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-16 00:45:04 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-16 00:45:04 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-16 00:45:04 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-16 00:45:03 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-16 00:45:02 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-16 00:44:52 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-16 00:34:52 -------- d-----w- C:\Program Files\AVAST Software
2014-11-16 00:33:40 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-14 21:17:58 -------- d-----w- C:\Windows\SysWow64\Flash
2014-11-14 21:15:46 613012 ----a-w- C:\Users\Heidi\AppData\Local\nsh6995.tmp
2014-11-14 21:15:42 -------- d-sh--w- C:\Users\Heidi\AppData\Roaming\AnyProtectEx
2014-11-14 21:15:11 -------- d-----w- C:\Users\Heidi\AppData\Local\Vosteran-old
2014-11-14 21:12:40 2065 ----a-w- C:\Windows\patsearch.bin
2014-11-14 21:12:32 63696 ----a-w- C:\Windows\System32\drivers\webinstrT.sys
2014-11-14 21:12:31 -------- d-----w- C:\ProgramData\Systweak
2014-11-14 21:09:08 -------- d-----w- C:\Users\Heidi\AppData\Roaming\Systweak
2014-11-14 21:09:07 20296 ----a-w- C:\Windows\System32\roboot64.exe
2014-11-14 21:08:01 -------- d-----w- C:\Users\Heidi\AppData\Roaming\WSE_Vosteran
2014-11-14 20:56:11 -------- d-----w- C:\Users\Heidi\AppData\Roaming\24x7 Help
2014-11-14 00:03:21 -------- d-sh--w- C:\Users\Heidi\AppData\Local\EmieBrowserModeList
2014-11-11 21:46:57 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-11 21:46:57 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-11 21:46:55 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-11 21:46:55 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 21:46:55 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-11 21:46:55 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-11 21:46:55 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-11 21:46:55 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-11 21:46:55 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-11 21:46:55 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-11-11 21:45:59 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-11 21:45:58 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-11 21:45:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-11 21:45:45 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-11 21:45:44 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-11 21:45:44 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-11 21:45:44 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-11 21:45:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-11 21:45:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-11 21:45:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-11 21:45:43 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-11 21:45:43 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-11 21:40:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 21:40:36 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-11 21:40:36 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-11 21:40:36 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-11-11 21:33:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 21:33:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2014-11-16 23:52:10 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 09:44:10 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 09:44:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 09:42:02 4918960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-01 16:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
.
============= FINISH: 21:35:20.66 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/4/2009 5:39:45 AM
System Uptime: 11/16/2014 9:15:29 PM (0 hours ago)
.
Motherboard: Quanta | | 363F
Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 170.513 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.187 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: bbnfd_1_10_0_2
Device ID: ROOT\LEGACY_BBNFD_1_10_0_2\0000
Manufacturer:
Name: bbnfd_1_10_0_2
PNP Device ID: ROOT\LEGACY_BBNFD_1_10_0_2\0000
Service: bbnfd_1_10_0_2
.
==== System Restore Points ===================
.
RP599: 11/15/2014 4:18:11 PM - Restore Operation
RP600: 11/15/2014 6:17:34 PM - Removed AVG 2015
RP601: 11/15/2014 6:19:44 PM - Removed AVG 2015
RP602: 11/15/2014 7:34:27 PM - avast! antivirus system restore point
RP603: 11/15/2014 8:13:55 PM - Removed Java(TM) 6 Update 20
RP604: 11/15/2014 8:16:05 PM - Removed Java(TM) 6 Update 14 (64-bit)
RP605: 11/15/2014 8:17:40 PM - Removed Java 7 Update 55
RP606: 11/16/2014 11:56:47 AM - Windows Update
RP607: 11/16/2014 7:00:37 PM - Windows Backup
RP609: 11/16/2014 8:01:34 PM - Removed service pack backup files
RP610: 11/16/2014 8:55:19 PM - Removed Visual Studio 2012 x86 Redistributables
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
AMD USB Filter Driver
ATI Catalyst Install Manager
ATT-PRT22
Avast Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
COM Port Toolkit 3.9
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
docXConverter 3.1.2
Dyno-Scan OBD II USB Adapter (Driver Removal)
Facebook Messenger 2.1.4814.0
GearHeadConnect
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Update
HP User Guides 0148
HP Wireless Assistant
I.R.I.S. OCR
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
LSI HDA Modem
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Excel Packages
Microsoft Office 365 Home Premium Preview - es-es
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox 33.1.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.2
PowerDirector
PowerRecover
QLBCASL
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Synaptics Pointing Device Driver
VCDS-Lite 1.1
VCDS Release 11.11.4
Virtual Serial Port Driver 7.1 (Build 7.1.289)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
11/16/2014 9:16:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbnfd_1_10_0_2
11/16/2014 9:16:02 PM, Error: Service Control Manager [7000] - The COMPT service failed to start due to the following error: This driver has been blocked from loading
11/16/2014 9:16:02 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\COMPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/16/2014 7:35:44 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2014 7:35:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2014 7:35:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/16/2014 7:35:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/16/2014 7:35:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/16/2014 7:35:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/16/2014 7:35:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswVmm bbnfd_1_10_0_2 DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2014 7:35:05 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2014 2:25:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/15/2014 7:26:16 PM, Error: Service Control Manager [7034] - The Unchecky service terminated unexpectedly. It has done this 1 time(s).
11/15/2014 6:22:07 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The system cannot find the file specified.
11/15/2014 2:45:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C}. The master browser is stopping or an election is being forced.
11/15/2014 12:09:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
11/14/2014 5:22:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/13/2014 7:27:51 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
11/13/2014 7:12:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/13/2014 7:11:26 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
11/13/2014 5:13:36 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753635.
11/10/2014 8:34:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/10/2014 3:45:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
.
==== End Of File ===========================
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm
Advertisement
Register to Remove

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 17th, 2014, 1:09 pm

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 17th, 2014, 1:14 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Important: Save all tools i ask you to download to your Desktop, if you don't know how to do this just ask.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • RogueKiller log.
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 17th, 2014, 7:37 pm

AdwCleaner Log

# AdwCleaner v4.101 - Report created 17/11/2014 at 18:31:58
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Heidi - HEIDI-PC
# Running from : C:\Users\Heidi\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : webinstrT

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\vGrabber-software
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Heidi\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Heidi\AppData\Local\DefineExt
Folder Deleted : C:\Users\Heidi\AppData\Local\iMesh
Folder Deleted : C:\Users\Heidi\AppData\Local\PackageAware
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Elf_1.15
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Heidi\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Folder Deleted : C:\Users\Heidi\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Heidi\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Heidi\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Heidi\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Heidi\AppData\Roaming\WSE_Vosteran
Folder Deleted : C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Heidi\Documents\iMesh
Folder Deleted : C:\Users\jim\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\jim\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\jim\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jim\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\jim\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\jim\AppData\LocalLow\SiteRanker
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\webinstrT.sys
File Deleted : C:\Users\Heidi\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Heidi\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\bingp.xml
File Deleted : C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\user.js
File Deleted : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\r8dg0eup.default\user.js
File Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : advanced-System Protector_startup
Task Deleted : ASP
Task Deleted : LaunchSignup
Task Deleted : RegClean Pro
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\lyricsparty
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\iMeshMediabarTb
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [IconCache]

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3286042.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000082.isPlayDisplay", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000082.muteState", "on");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_city", "SAGINAW");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_locId", "USMI0739");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_location", "Saginaw, MI");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_region", "US");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.130067724017736504.APP_WIN_FEATURES", "%F8%EB%F9%EF%u0100%E7%E8%F2%EB%C3%B6%B2%EE%F9%E9%F8%F5%F2%F2%C3%B6%B2%FC%F9%E9%F8%F5%F2%F2%C3%B6%B2%FA%EF%FA%F2%EB%E8%E7%F8%C3%B7%B2%E9%F2%F[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.FF19Solved", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.FirstTime", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.RestartDialogFirstTime", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.RestartDialogShouldDisplay", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.UserID", "UN22318539902108910");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.autoDisableScopes", -1);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.countryCode", "US");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.defaultSearch", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.enableAlerts", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.firstTimeDialogOpened", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.fixUrls", true);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.fullUserID", "UN22318539902108910.IN.20130824141704");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.homepageuserchanged", true);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installDate", "24/08/2013 14:17:04");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installId", "stub.exe");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installSessionId", "{B40A2108-C26E-4409-A765-F6642CC8851B}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installSp", "TRUE");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installUsage", "2013-08-24T21:22:02.0083387+03:00");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installUsageEarly", "2013-08-24T21:21:56.4701967+03:00");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.installerVersion", "1.6.0.22");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.keyword", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.lastVersion", "10.31.2.501");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.migrateAppsAndComponents", true);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fwindows%2Fforum%2Fwindows_vista-hardware%2Fmy-computer-goes-[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN21700652262430968&UM=2&UP=SP650CE217-B149-41ED-9B00-6AA72464EB6C");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.originalSearchEngine", "Bing ");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.originalSearchEngineName", "Bing ");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.performedDomainChangesMigration", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.search.searchAppId", "130067724014616498");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.search.searchCount", "2");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchRevert", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.searchUserMode", "2");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1 \"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1403352950304");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1391521013116");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_appTracking_lastUpdate", "1382972884620");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1391979525492");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1390997252517");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1377368513276");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1377368518899");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377734065308");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.16.9.6_lastUpdate", "1377453098642");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378861014157");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380033124680");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382440432283");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384389148770");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385252815838");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386630303426");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1390997252663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1403352955190");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1403352950096");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1391979801205");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1403365461809");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1403352945099");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.settingsINI", true);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.showToolbarPermission", "false");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.startPage", "true");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.toolbarBornServerTime", "24-8-2013");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.toolbarCurrentServerTime", "2-12-2013");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.toolbarLoginClientTime", "Sat Aug 24 2013 14:21:59 GMT-0400 (Eastern Standard Time)");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.16.9.6");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663.xpeMode", "3");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1403368608358,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBHomepagesList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "irmsd0103");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0SyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "235128838");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytD[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN21700652262430968&UM=2&UP=SP650CE217-B149-41ED-9B00-6AA72464EB6C,hxxp://searc[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN22318539902108910&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?SSP[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289663");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN21700652262430968&UM=2&UP=SP650CE217-B149-41ED-9B00-6AA72464EB6C,hxxp://search.condu[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "PV9OGGI4DRLGIBTMZABARBJDAA6SAB6QMQIXJ20UEMPLAPSUPPZ74MJQ0B1PKKI431I/HNQPXV+WUWOSMYSSDA");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN22318539902108910&UM=2&SearchSource=13");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN22318539902108910&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?SSPV=&ctid[...]
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_currentVersion", "312E31332E302E3137");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_currentVersion.storedInFile", false);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_globalKeysMigratedToLocalStorage", "31");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_migrated_from_ls", "31");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_migrated_from_ls.storedInFile", false);
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_userBornDate", "4E2F41");
[n7qe0ovt.default\prefs.js] - Line Deleted : user_pref("valueApps.CT3289663.mam_gk_userBornDate.storedInFile", false);
[r8dg0eup.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[r8dg0eup.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[r8dg0eup.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[r8dg0eup.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[r8dg0eup.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN[...]

-\\ Google Chrome v

[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN62609549796622614&ctid=CT3289663&UM=2
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN62609549796622614&ctid=CT3289663&UM=2
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0SyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=235128838&ir=
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TBUS&apn_uid=2BB23B4E-1A59-4B44-BFA7-B244260824D1&apn_sauid=F68E9B8D-C81D-46AB-B452-4E28BDE668E9
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TBUS&apn_uid=2BB23B4E-1A59-4B44-BFA7-B244260824D1&apn_sauid=F68E9B8D-C81D-46AB-B452-4E28BDE668E9
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60195
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=
[C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=1120535139&ir=

*************************

AdwCleaner[R0].txt - [32004 octets] - [17/11/2014 18:25:14]
AdwCleaner[S0].txt - [33172 octets] - [17/11/2014 18:31:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33233 octets] ##########
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 17th, 2014, 7:47 pm

RogueKiller Log

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Heidi [Administrator]
Mode : Scan -- Date : 11/17/2014 18:45:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 6 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{CE80E9E2-DBCE-4C4F-A55E-B564CAFB7DF4}.exe (--uninstall=1) -> Found
[Suspicious.Path] WSE_Vosteran.job -- C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \\4664 -- wscript.exe (C:\Users\Heidi\AppData\Local\Temp\launchie.vbs //B) -> Found
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{CE80E9E2-DBCE-4C4F-A55E-B564CAFB7DF4}.exe (--uninstall=1) -> Found
[Suspicious.Path] \\WSE_Vosteran -- C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \Hewlett-Packard\HP Assistant\HPSA Upgrade -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] n7qe0ovt.default : user_pref("browser.startup.homepage", "google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 0addfcabbb6f64593dc465b4f6b3315e
[BSP] fc10a6b1fcb2b0b2ef82b8445843afb3 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 224744 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 460685312 | Size: 13427 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 488183808 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 17th, 2014, 7:53 pm

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Heidi (administrator) on HEIDI-PC on 17-11-2014 18:50:19
Running from C:\Users\Heidi\Downloads
Loaded Profile: Heidi (Available profiles: Heidi & jim & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\MountPoints2: {0f61ef6c-2ee1-11df-a715-00269e2d9c80} - F:\LaunchU3.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94326F7CFB01D001
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80114
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> DefaultScope {C6E455E9-A4B0-4E52-B4CC-8ADAFB54636F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> {C6E455E9-A4B0-4E52-B4CC-8ADAFB54636F} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: No Name -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL No File
BHO-x32: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
DPF: HKLM-x32 {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launch ... wwload.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default
FF SearchEngineOrder.3: Bing
FF Homepage: google.com
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\Vosteran.xml
FF Extension: CookieCuller - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2013-11-17]
FF Extension: Adblock Plus - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-16]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{6311158d-1248-4c22-b80e-0fce899a0c7c}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-15]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_adk5_14 ... 784084&ir=
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=", "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=1120535139&ir="
CHR DefaultSearchKeyword: Default -> groovorio.com
CHR DefaultSearchURL: Default -> http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Adblock Plus) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-15]
CHR Extension: (Google Search) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Google Sheets) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Vgrabber v1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2013-08-04]
CHR Extension: (InternetHelper3.1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-08-24]
CHR Extension: (Google Wallet) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Gmail) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]
CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Heidi\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Heidi\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-08-08]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S2 COMPT; C:\Windows\SysWow64\Drivers\COMPT.sys [44031 2008-11-22] () [File not signed]
S3 evserial7; C:\Windows\System32\DRIVERS\evserial7.sys [71432 2011-10-31] (ELTIMA Software)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-17] ()
R3 VSBC7; C:\Windows\System32\DRIVERS\evsbc7.sys [36616 2011-10-31] (ELTIMA Software)
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:50 - 2014-11-17 18:50 - 00022421 _____ () C:\Users\Heidi\Downloads\FRST.txt
2014-11-17 18:49 - 2014-11-17 18:50 - 00000000 ____D () C:\FRST
2014-11-17 18:47 - 2014-11-17 18:47 - 02117120 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe
2014-11-17 18:39 - 2014-11-17 18:39 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-17 18:39 - 2014-11-17 18:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-17 18:38 - 2014-11-17 18:38 - 14678104 _____ () C:\Users\Heidi\Downloads\RogueKiller.exe
2014-11-17 18:24 - 2014-11-17 18:38 - 00000000 ____D () C:\AdwCleaner
2014-11-17 18:23 - 2014-11-17 18:23 - 02140160 _____ () C:\Users\Heidi\Downloads\adwcleaner_4.101.exe
2014-11-17 18:21 - 2014-11-17 18:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HEIDI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-11-17 18:19 - 2014-11-17 18:19 - 00002199 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-17 18:19 - 2014-11-17 18:19 - 00000000 ____D () C:\RegBackup
2014-11-17 18:19 - 2014-11-17 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-17 18:19 - 2014-11-17 18:19 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-17 18:18 - 2014-11-17 18:19 - 04215584 _____ () C:\Users\Heidi\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-16 21:35 - 2014-11-16 21:35 - 00028476 _____ () C:\Users\Heidi\Desktop\dds.txt
2014-11-16 21:35 - 2014-11-16 21:35 - 00013743 _____ () C:\Users\Heidi\Desktop\attach.txt
2014-11-16 21:33 - 2014-11-16 21:33 - 00688992 ____R (Swearware) C:\Users\Heidi\Downloads\dds.com
2014-11-16 19:05 - 2014-11-16 19:05 - 00006599 _____ () C:\Users\Heidi\Downloads\startuplist.txt
2014-11-16 17:38 - 2014-11-16 21:22 - 00012092 _____ () C:\Users\Heidi\Desktop\hijackthis.log
2014-11-16 17:36 - 2014-11-16 17:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Heidi\Desktop\HijackThis.exe
2014-11-15 20:30 - 2014-11-15 20:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-15 20:30 - 2014-11-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 20:29 - 2014-11-15 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 20:25 - 2014-11-15 20:25 - 00638888 _____ (Oracle Corporation) C:\Users\Heidi\Downloads\jxpiinstall(5).exe
2014-11-15 20:00 - 2014-11-15 20:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-11-15 20:00 - 2014-11-15 20:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-11-15 19:59 - 2014-11-15 19:59 - 00638888 _____ (Oracle Corporation) C:\Users\Heidi\Downloads\jxpiinstall(4).exe
2014-11-15 19:45 - 2014-11-17 18:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-15 19:45 - 2014-11-16 10:55 - 00002210 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-15 19:45 - 2014-11-15 19:45 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\AVAST Software
2014-11-15 19:45 - 2014-11-15 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-15 19:45 - 2014-11-15 19:44 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-15 19:45 - 2014-11-15 19:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-15 19:44 - 2014-11-15 19:44 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-15 19:44 - 2014-11-15 19:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-15 19:34 - 2014-11-15 19:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-15 19:33 - 2014-11-15 19:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-15 18:45 - 2014-11-15 18:46 - 05006864 _____ (AVAST Software) C:\Users\Heidi\Downloads\avast_free_antivirus_setup_online.exe
2014-11-15 18:14 - 2014-11-15 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 18:14 - 2014-11-15 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-15 18:14 - 2014-11-15 18:14 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-15 18:09 - 2014-11-15 18:09 - 00244120 _____ () C:\Users\Heidi\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-15 15:18 - 2014-11-17 18:33 - 00151200 _____ () C:\Windows\PFRO.log
2014-11-15 15:18 - 2014-11-15 15:18 - 00377056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 19:55 - 2014-11-14 19:55 - 00164499 _____ () C:\Users\Heidi\Documents\(2 unread) - legaleagle1967 - Yahoo Mail.html
2014-11-14 16:17 - 2014-11-14 16:17 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2014-11-14 16:15 - 2014-11-15 19:25 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Vosteran-old
2014-11-14 16:15 - 2014-11-14 16:15 - 00613012 _____ (CMI Limited) C:\Users\Heidi\AppData\Local\nsh6995.tmp
2014-11-14 16:12 - 2014-11-17 18:33 - 00000874 _____ () C:\Windows\setupact.log
2014-11-14 16:12 - 2014-11-14 16:12 - 00002065 _____ () C:\Windows\patsearch.bin
2014-11-14 16:12 - 2014-11-14 16:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-14 16:12 - 2014-11-14 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 16:08 - 2014-11-17 18:15 - 00000292 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2014-11-14 16:08 - 2014-11-14 16:08 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
2014-11-13 19:58 - 2014-11-13 19:58 - 00091744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-11-13 19:31 - 2014-11-13 19:31 - 00012944 _____ () C:\bookmark.htm
2014-11-13 19:30 - 2014-11-17 18:39 - 00241535 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 19:24 - 2014-11-13 19:25 - 00760148 _____ () C:\Users\Heidi\Documents\cc_20141113_192454.reg
2014-11-13 19:03 - 2014-11-13 19:03 - 00000000 __SHD () C:\Users\Heidi\AppData\Local\EmieBrowserModeList
2014-11-11 17:36 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 17:36 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 17:36 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 17:36 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 17:36 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 17:36 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 17:36 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 17:36 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 17:36 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 17:36 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 17:36 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 17:36 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 17:36 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 17:36 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 17:36 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 17:36 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 17:36 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 17:36 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 17:36 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 17:36 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 17:36 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 17:36 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 17:36 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 17:36 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 17:36 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 17:36 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 17:36 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 17:36 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 17:36 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 17:36 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 17:36 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 17:36 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 17:36 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 17:36 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 17:36 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 17:36 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 17:36 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 17:36 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 17:36 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 17:36 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 17:36 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 17:36 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 17:36 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 17:36 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 17:36 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 17:36 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 17:36 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 17:36 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 17:36 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 17:36 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 17:36 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 17:36 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 17:36 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 17:36 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 17:36 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 17:36 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 16:46 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 16:46 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 16:46 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 16:46 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 16:46 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 16:46 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 16:46 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 16:46 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 16:46 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 16:46 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 16:45 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 16:45 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 16:45 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 16:45 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 16:45 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 16:45 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 16:45 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 16:45 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 16:45 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 16:45 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 16:45 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 16:45 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 16:40 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 16:40 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 16:40 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 16:40 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 16:34 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 16:34 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 16:34 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 16:34 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 16:34 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 16:34 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 16:34 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 16:34 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 16:33 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 16:33 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-10-22 16:18 - 2014-10-22 16:18 - 00000000 ____D () C:\Users\jim\AppData\Local\Avg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:41 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 18:41 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 18:34 - 2013-11-21 19:28 - 00000858 _____ () C:\Windows\Tasks\AV_PWB.job
2014-11-17 18:34 - 2013-08-06 20:34 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-17 18:34 - 2013-05-31 13:58 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-17 18:34 - 2012-04-05 17:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 18:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 18:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-11-17 18:13 - 2012-10-03 19:21 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000UA.job
2014-11-16 21:53 - 2014-06-15 12:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 20:28 - 2012-10-03 19:21 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000Core.job
2014-11-16 19:42 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-11-16 19:25 - 2010-01-03 19:33 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8CB77CF4-B13F-433D-A3A9-B82340C4A2DE}
2014-11-16 07:34 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-11-15 20:31 - 2014-02-16 12:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 20:00 - 2014-06-24 03:32 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Adobe
2014-11-15 20:00 - 2009-12-04 06:58 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Adobe
2014-11-15 20:00 - 2009-08-16 22:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-15 19:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-11-15 18:33 - 2014-06-15 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-15 18:33 - 2014-06-15 12:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 18:33 - 2014-02-16 12:33 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 18:21 - 2011-09-28 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-15 18:21 - 2009-12-10 21:12 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-15 18:16 - 2009-12-08 18:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-15 18:14 - 2011-12-15 14:39 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-15 17:23 - 2013-08-07 22:02 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Deployment
2014-11-15 16:52 - 2014-08-04 15:21 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-11-15 16:52 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 16:52 - 2012-01-15 20:17 - 00000000 ____D () C:\Users\Heidi\AppData\Local\QuickPlay
2014-11-15 16:52 - 2011-11-17 07:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-15 16:52 - 2009-12-05 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-15 16:52 - 2009-12-04 05:39 - 00000000 ____D () C:\Users\Heidi
2014-11-15 16:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 16:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-15 16:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-13 19:29 - 2013-04-03 13:26 - 00091744 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-11-13 19:28 - 2009-10-11 03:44 - 00002798 _____ () C:\ProgramData\hpqp.ini
2014-11-13 19:24 - 2009-12-08 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-13 19:24 - 2009-12-05 23:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-13 19:23 - 2009-12-08 18:18 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Skype
2014-11-13 19:22 - 2009-12-08 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-11-13 19:20 - 2013-08-06 16:49 - 00000000 ____D () C:\Users\Heidi\Tracing
2014-11-13 19:20 - 2010-05-15 15:35 - 00000000 ____D () C:\Windows\Minidump
2014-11-13 19:20 - 2009-07-25 01:11 - 00000000 ____D () C:\Windows\Panther
2014-11-13 19:13 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 04:51 - 2013-08-16 03:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 04:44 - 2012-04-05 17:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 04:44 - 2012-04-05 17:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 04:44 - 2011-05-18 19:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 04:43 - 2009-12-13 08:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 04:42 - 2014-09-09 15:33 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-11 16:02 - 2012-04-22 13:22 - 00000000 ____D () C:\Users\jim
2014-11-10 04:56 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-09 09:05 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-04 14:30 - 2009-12-10 17:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-22 16:27 - 2013-10-28 19:23 - 00000000 ____D () C:\ProgramData\AVG2014

Some content of TEMP:
====================
C:\Users\Heidi\AppData\Local\Temp\2C4EB884-0951-7C69-5F58-0FA2DC97951C.dll
C:\Users\Heidi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite19050.dll
C:\Users\jim\AppData\Local\Temp\msvcp100.dll
C:\Users\jim\AppData\Local\Temp\msvcr100.dll
C:\Users\jim\AppData\Local\Temp\tbElf0.dll
C:\Users\jim\AppData\Local\Temp\tbPag0.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 13:43

==================== End Of Log ============================
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 17th, 2014, 7:54 pm

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Heidi at 2014-11-17 18:51:33
Running from C:\Users\Heidi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
COM Port Toolkit 3.9 (HKLM-x32\...\COM Port Toolkit_is1) (Version: 3.9 - Michael Golikov)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
docXConverter 3.1.2 (HKLM-x32\...\docXConverter3_is1) (Version: 3.1.2 - Panergy LTD.)
Dyno-Scan OBD II USB Adapter (Driver Removal) (HKLM-x32\...\AUTECOMM&10C4&8177) (Version: - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
GearHeadConnect (HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\5e3871369da9878e) (Version: 1.0.0.4 - GearHead Connect)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{EC21DBC6-C760-463D-8866-BFACBB28A3E3}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{E319D46F-4F14-4867-94CD-FB203ED60AFC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Excel Packages (HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\Microsoft Excel Packages) (Version: - ) <==== ATTENTION
Microsoft Office 365 Home Premium Preview - es-es (HKLM\...\Microsoft Office Profesional 15 (Technical Preview) - es-es) (Version: 15.0.4128.1025 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4128.1025 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
VCDS Release 11.11.4 (HKLM-x32\...\VCDS Release 11.11) (Version: 11.11.4 - Ross-Tech)
VCDS-Lite 1.1 (HKLM-x32\...\VCDS-Lite 1.1) (Version: 1.1 - Ross-Tech)
Virtual Serial Port Driver 7.1 (Build 7.1.289) (HKLM\...\Virtual Serial Port Driver_is1) (Version: - ELTIMA Software)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

15-11-2014 21:18:11 Restore Operation
15-11-2014 23:17:34 Removed AVG 2015
15-11-2014 23:19:44 Removed AVG 2015
16-11-2014 00:34:27 avast! antivirus system restore point
16-11-2014 01:13:55 Removed Java(TM) 6 Update 20
16-11-2014 01:16:05 Removed Java(TM) 6 Update 14 (64-bit)
16-11-2014 01:17:40 Removed Java 7 Update 55
16-11-2014 16:56:47 Windows Update
17-11-2014 00:00:37 Windows Backup
17-11-2014 01:01:34 Removed service pack backup files
17-11-2014 01:55:19 Removed Visual Studio 2012 x86 Redistributables

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-16 20:53 - 00373677 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0856CF61-E305-49A7-B67F-F762EE5182F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {0D58BCB2-ED52-4398-917F-A38522C18C14} - System32\Tasks\{692A5844-263F-4247-B0FE-54040D23336C} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/a ... velpresent
Task: {10097A6E-70C5-4121-8FF6-AF941A6B4137} - System32\Tasks\Microsoft\Office\Actualizaciones automáticas de Office => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11] (Microsoft Corporation)
Task: {1EF01F1A-6099-4764-B568-49A944A4EF5B} - System32\Tasks\WSE_Vosteran => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2BCE69F6-F444-4B98-A074-96F3B03DDD4D} - System32\Tasks\{87845325-D915-4900-8B3A-AB05177AC55B} => C:\Program Files (x86)\VAG-COM\VagCom.exe
Task: {2ECDE956-F454-497F-AF86-CAFF4DACE7E4} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {33BFDA34-5836-49A3-9410-98E5FE4A9871} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {3BB54EC6-3950-4870-8683-A71E0A3DED8E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000UA => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4556ED7E-92CF-44CA-ACD1-824E1294B7AE} - System32\Tasks\{60FB227E-6BFC-4CEE-8123-45C6D300DD26} => E:\KKL Vag-com V409\Release4091us.exe
Task: {4F9D0D95-9064-4A73-B302-EF1895030D05} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000Core => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {54C587F6-269F-4FA6-AAE8-4BDD32F79F9F} - System32\Tasks\AV_PWB => C:\Program Files (x86)\AVG SafeGuard toolbar\BundleInstall.exe
Task: {624361C8-578F-4604-B092-40455C3C8778} - System32\Tasks\{124EE9BB-16BF-40EC-BB8D-0C659688E78B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/a ... velpresent
Task: {6523FF6B-A2B2-43F9-B08F-79A80D8E449D} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{CE80E9E2-DBCE-4C4F-A55E-B564CAFB7DF4}.exe
Task: {66D31520-A5E0-41D4-B5A2-297E43CD3CFA} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6CE8F2C7-3CE5-43D4-9DF1-8436C167BF17} - System32\Tasks\{204BCA43-D300-43ED-AF9F-A46A22ECEE5B} => C:\Windows\system32\WindowsAnytimeUpgradeUI.exe [2009-07-13] (Microsoft Corporation)
Task: {73E67089-63A3-4D0D-9344-FCDFFB4AD33C} - System32\Tasks\{6D665B69-5F7A-4ABD-8987-F82B32ACFB9B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/a ... velpresent
Task: {77C6438A-EADD-42AE-905A-AFF7A2F26D2D} - System32\Tasks\{51D9F6F7-3EB3-4BC7-A254-A9934AFEF995} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {7BDEFBAE-57E2-4380-A472-DAD83337A0EF} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {81948C29-9450-4C97-BEBB-80FEC337AE90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {867BEC7F-E9E5-4039-B275-928F886F5BA7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8CECBE49-18D5-41E9-823F-E0BE5FA11537} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {AD32614A-666C-4B1E-BF57-7D431E5C6878} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: {BD062075-8B38-4690-8B9B-81948F0300D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)
Task: {BEA3DCDD-FCFE-47A7-BA22-945B3689D348} - System32\Tasks\{EDDF39C8-1E0A-44BC-83D7-AE75C9D534F3} => C:\Program Files (x86)\VAG-COM\VagCom.exe
Task: {D19CD5A8-C3E8-4798-A559-A7F34BBE1FFB} - System32\Tasks\4664 => Wscript.exe C:\Users\Heidi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D6DF7F03-FF22-4336-AF32-EEF9FA6B35D2} - System32\Tasks\{DB2EE620-CF46-4EB9-875D-077DBA307513} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.111/en/a ... velpresent
Task: {FF4D0436-14DC-4A6B-801E-5ED59C229C47} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{CE80E9E2-DBCE-4C4F-A55E-B564CAFB7DF4}.exe
Task: C:\Windows\Tasks\AV_PWB.job => C:\Program Files (x86)\AVG SafeGuard toolbar\BundleInstall.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000Core.job => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3278942956-2088543606-3240816469-1000UA.job => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-01-29 19:33 - 2012-08-16 22:55 - 00268912 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-29 19:33 - 2012-08-16 22:57 - 00469616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-29 19:33 - 2012-09-11 18:13 - 00538224 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2009-08-16 22:52 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-11-17 18:14 - 2014-11-17 18:14 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111701\algo.dll
2014-11-15 19:44 - 2014-11-15 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:7679F245

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913a => C:\Users\Heidi\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid d935ff0f7f8ad66b4367dbadead734c3-187a0ad3eb01f36177fbb32254235c1e932f5928 --CMPID 0913a
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BB422C61445BA1ED675A4BC9541E177A => "C:\Users\Heidi\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
MSCONFIG\startupreg: QPService => "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3278942956-2088543606-3240816469-500 - Administrator - Disabled)
Guest (S-1-5-21-3278942956-2088543606-3240816469-501 - Limited - Disabled) => C:\Users\Guest
Heidi (S-1-5-21-3278942956-2088543606-3240816469-1000 - Administrator - Enabled) => C:\Users\Heidi
HomeGroupUser$ (S-1-5-21-3278942956-2088543606-3240816469-1002 - Limited - Enabled)
jim (S-1-5-21-3278942956-2088543606-3240816469-1003 - Administrator - Enabled) => C:\Users\jim

==================== Faulty Device Manager Devices =============

Name: bbnfd_1_10_0_2
Description: bbnfd_1_10_0_2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bbnfd_1_10_0_2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 06:35:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperAgent.exe, version: 2.0.44.0, time stamp: 0x4d41dffe
Faulting module name: MotoHelperAgent.exe, version: 2.0.44.0, time stamp: 0x4d41dffe
Exception code: 0x40000015
Fault offset: 0x00030a00
Faulting process id: 0xce4
Faulting application start time: 0xMotoHelperAgent.exe0
Faulting application path: MotoHelperAgent.exe1
Faulting module path: MotoHelperAgent.exe2
Report Id: MotoHelperAgent.exe3

Error: (11/16/2014 08:01:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {223a33ec-bfd2-4cc9-89e9-81cba20bd103}

Error: (11/15/2014 08:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e381
Faulting process id: 0x520
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (11/15/2014 06:19:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (11/15/2014 05:09:23 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (11/15/2014 04:41:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (11/15/2014 01:20:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.0.21, time stamp: 0x540f52c0
Faulting module name: npswf32.dll, version: 11.4.402.265, time stamp: 0x502bf58e
Exception code: 0xc0000005
Fault offset: 0x001d13de
Faulting process id: 0x348c
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3

Error: (11/14/2014 07:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UPDATE~1.EXE, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x13d4
Faulting application start time: 0xUPDATE~1.EXE0
Faulting application path: UPDATE~1.EXE1
Faulting module path: UPDATE~1.EXE2
Report Id: UPDATE~1.EXE3

Error: (11/14/2014 05:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.122, time stamp: 0x545aa568
Faulting module name: chrome.dll, version: 38.0.2125.122, time stamp: 0x545aa265
Exception code: 0xc0000005
Fault offset: 0x01143f0c
Faulting process id: 0x119c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/13/2014 07:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (11/17/2014 06:39:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/17/2014 06:34:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bbnfd_1_10_0_2

Error: (11/17/2014 06:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMPT service failed to start due to the following error:
%%1275

Error: (11/17/2014 06:33:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\COMPT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/17/2014 06:33:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (11/17/2014 06:33:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/17/2014 06:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (11/17/2014 06:33:00 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/17/2014 06:32:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/17/2014 06:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Servicio de Microsoft Office service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (11/17/2014 06:35:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MotoHelperAgent.exe2.0.44.04d41dffeMotoHelperAgent.exe2.0.44.04d41dffe4000001500030a00ce401d002bf07b736faC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe642ea638-6eb2-11e4-bbab-00269e2d9c80

Error: (11/16/2014 08:01:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {223a33ec-bfd2-4cc9-89e9-81cba20bd103}

Error: (11/15/2014 08:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecntdll.dll6.1.7601.18247521ea8e7c00000050002e38152001d0013d702896beC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll926cbd16-6d32-11e4-bd71-ccda0f005af3

Error: (11/15/2014 06:19:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (11/15/2014 05:09:23 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005

Error: (11/15/2014 04:41:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005

Error: (11/15/2014 01:20:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: StormWatchBrowser.exe1.0.0.21540f52c0npswf32.dll11.4.402.265502bf58ec0000005001d13de348c01d000de0c86db76C:\Users\Heidi\AppData\Local\StormWatch\StormWatchBrowser.exeC:\Users\Heidi\AppData\Local\StormWatch\plugin\npswf32.dll0b8aaf6e-6cf4-11e4-a7ad-00269e2d9c80

Error: (11/14/2014 07:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19ole32.dll6.1.7601.175144ce7b96fc00000050003934213d401d0006dbac0d334C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXEC:\Windows\syswow64\ole32.dll0499ca44-6c61-11e4-a7ad-00269e2d9c80

Error: (11/14/2014 05:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.122545aa568chrome.dll38.0.2125.122545aa265c000000501143f0c119c01d0004fb3d5cba5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\chrome.dll2bb6e865-6c4f-11e4-a7ad-00269e2d9c80

Error: (11/13/2014 07:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownlo ... 8B.crtThis operation returned because the timeout period expired.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II Dual-Core M300
Percentage of memory in use: 50%
Total physical RAM: 2812.2 MB
Available physical RAM: 1391.73 MB
Total Pagefile: 5622.58 MB
Available Pagefile: 4422.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.48 GB) (Free:169.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 566FB4A6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 18th, 2014, 7:13 am

Hi,
Continue with the instructions below, once done let me know how the computer is running.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\MountPoints2: {0f61ef6c-2ee1-11df-a715-00269e2d9c80} - F:\LaunchU3.exe
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80114
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
    BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
    BHO-x32: No Name -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
    Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
    Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF SearchPlugin: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\Vosteran.xml
    FF Extension: No Name - wrc@avast.com [Not Found]
    CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_adk5_14 ... 784084&ir=
    CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=", "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=1120535139&ir="
    CHR DefaultSearchKeyword: Default -> groovorio.com
    CHR DefaultSearchURL: Default -> http://groovorio.com/results.php?f=4&q= {searchTerms}&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=
    CHR Extension: (Vgrabber v1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2013-08-04]
    CHR Extension: (InternetHelper3.1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-08-24]
    CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Heidi\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2012-12-10]
    CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Heidi\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-08-08]
    S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2014-11-14 16:15 - 2014-11-15 19:25 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Vosteran-old
    2014-11-14 16:15 - 2014-11-14 16:15 - 00613012 _____ (CMI Limited) C:\Users\Heidi\AppData\Local\nsh6995.tmp
    2014-11-14 16:08 - 2014-11-17 18:15 - 00000292 _____ () C:\Windows\Tasks\WSE_Vosteran.job
    2014-11-14 16:08 - 2014-11-14 16:08 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
    C:\Users\Heidi\AppData\Local\Temp\2C4EB884-0951-7C69-5F58-0FA2DC97951C.dll
    C:\Users\Heidi\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe
    C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll
    C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite19050.dll
    C:\Users\jim\AppData\Local\Temp\msvcp100.dll
    C:\Users\jim\AppData\Local\Temp\msvcr100.dll
    C:\Users\jim\AppData\Local\Temp\tbElf0.dll
    C:\Users\jim\AppData\Local\Temp\tbPag0.dll
    Task: {1EF01F1A-6099-4764-B568-49A944A4EF5B} - System32\Tasks\WSE_Vosteran => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {D19CD5A8-C3E8-4798-A559-A7F34BBE1FFB} - System32\Tasks\4664 => Wscript.exe C:\Users\Heidi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {FF4D0436-14DC-4A6B-801E-5ED59C229C47} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:7679F245
    
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • zoek-results.log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 19th, 2014, 6:58 am

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Heidi at 2014-11-19 05:50:31 Run:1
Running from C:\Users\Heidi\Desktop
Loaded Profile: Heidi (Available profiles: Heidi & jim & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\...\MountPoints2: {0f61ef6c-2ee1-11df-a715-00269e2d9c80} - F:\LaunchU3.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 114&lng=en
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80114
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: No Name -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
Toolbar: HKU\S-1-5-21-3278942956-2088543606-3240816469-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\Vosteran.xml
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_adk5_14 ... 784084&ir=
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=", "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_46_ch&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=1120535139&ir="
CHR DefaultSearchKeyword: Default -> groovorio.com
CHR DefaultSearchURL: Default -> http://groovorio.com/results.php?f=4&q= {searchTerms}&a=grv_adk5_14_29&cd=2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q&cr=892784084&ir=
CHR Extension: (Vgrabber v1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2013-08-04]
CHR Extension: (InternetHelper3.1) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Heidi\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Heidi\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-08-08]
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2014-11-14 16:15 - 2014-11-15 19:25 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Vosteran-old
2014-11-14 16:15 - 2014-11-14 16:15 - 00613012 _____ (CMI Limited) C:\Users\Heidi\AppData\Local\nsh6995.tmp
2014-11-14 16:08 - 2014-11-17 18:15 - 00000292 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2014-11-14 16:08 - 2014-11-14 16:08 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
C:\Users\Heidi\AppData\Local\Temp\2C4EB884-0951-7C69-5F58-0FA2DC97951C.dll
C:\Users\Heidi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite19050.dll
C:\Users\jim\AppData\Local\Temp\msvcp100.dll
C:\Users\jim\AppData\Local\Temp\msvcr100.dll
C:\Users\jim\AppData\Local\Temp\tbElf0.dll
C:\Users\jim\AppData\Local\Temp\tbPag0.dll
Task: {1EF01F1A-6099-4764-B568-49A944A4EF5B} - System32\Tasks\WSE_Vosteran => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D19CD5A8-C3E8-4798-A559-A7F34BBE1FFB} - System32\Tasks\4664 => Wscript.exe C:\Users\Heidi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {FF4D0436-14DC-4A6B-801E-5ED59C229C47} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Heidi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:7679F245

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

*****************

"HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f61ef6c-2ee1-11df-a715-00269e2d9c80}" => Key deleted successfully.
"HKCR\CLSID\{0f61ef6c-2ee1-11df-a715-00269e2d9c80}" => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\SearchAssistant => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\CustomizeSearch => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0347C33E-8762-4905-BF09-768834316C61}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ABD3B5E1-B268-407B-A150-2641DAB8D898}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => Key deleted successfully.
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} => value deleted successfully.
"HKCR\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}" => Key not found.
HKU\S-1-5-21-3278942956-2088543606-3240816469-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => value deleted successfully.
"HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\searchplugins\Vosteran.xml => Moved successfully.
FF Extension: No Name - wrc@avast.com [Not Found] not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb => Moved successfully.
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb" => Key deleted successfully.
C:\Users\Heidi\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.
C:\Users\Heidi\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx => Moved successfully.
bbnfd_1_10_0_2 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\Heidi\AppData\Local\Vosteran-old => Moved successfully.
C:\Users\Heidi\AppData\Local\nsh6995.tmp => Moved successfully.
C:\Windows\Tasks\WSE_Vosteran.job => Moved successfully.
C:\Windows\System32\Tasks\WSE_Vosteran => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\2C4EB884-0951-7C69-5F58-0FA2DC97951C.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\Temp\System.Data.SQLite19050.dll => Moved successfully.
C:\Users\jim\AppData\Local\Temp\msvcp100.dll => Moved successfully.
C:\Users\jim\AppData\Local\Temp\msvcr100.dll => Moved successfully.
C:\Users\jim\AppData\Local\Temp\tbElf0.dll => Moved successfully.
C:\Users\jim\AppData\Local\Temp\tbPag0.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EF01F1A-6099-4764-B568-49A944A4EF5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EF01F1A-6099-4764-B568-49A944A4EF5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Vosteran not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D19CD5A8-C3E8-4798-A559-A7F34BBE1FFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D19CD5A8-C3E8-4798-A559-A7F34BBE1FFB}" => Key deleted successfully.
C:\Windows\System32\Tasks\4664 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4664" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF4D0436-14DC-4A6B-801E-5ED59C229C47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4D0436-14DC-4A6B-801E-5ED59C229C47}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\Tasks\WSE_Vosteran.job not found.
C:\ProgramData\Temp => ":7679F245" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 650.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 19th, 2014, 7:45 am

Hi,
I'm still waiting on the zoek-results.log.
Also let me know how the computer is running now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 19th, 2014, 8:09 am

zoek-results.log


Zoek.exe v5.0.0.0 Updated 16-November-2014
Tool run by Heidi on Wed 11/19/2014 at 6:00:57.19.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heidi\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

11/19/2014 6:04:28 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default

user.js not found
---- Lines srchvstrn removed from prefs.js ----
user_pref("extensions.srchvstrn.AL", 4);
user_pref("extensions.srchvstrn.aflt", "vst_cmi_14_46_ch");
user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}");
user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1S
user_pref("extensions.srchvstrn.cr", "1120535139");
user_pref("extensions.srchvstrn.data.1475e97c0146bfb1c490339546d9e72ee", "1");
user_pref("extensions.srchvstrn.data._dy", "20141115");
user_pref("extensions.srchvstrn.data.a._dy", "20141115");
user_pref("extensions.srchvstrn.data.a.aliveDate", "20141115");
user_pref("extensions.srchvstrn.data.cc", "us");
user_pref("extensions.srchvstrn.data.ccfc1eb13092ea34473c169417eefd00", "1");
user_pref("extensions.srchvstrn.dfltLng", "");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn.excTlbr", false);
user_pref("extensions.srchvstrn.general.guid", "33a9c8c7-87a1-4849-95c2-830daa78fd59");
user_pref("extensions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.id", "2EEEE6AA172BD7EC");
user_pref("extensions.srchvstrn.instlDay", "16388");
user_pref("extensions.srchvstrn.instlRef", "142905_b");
user_pref("extensions.srchvstrn.prdct", "srchvstrn");
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.tlbrId", "");
user_pref("extensions.srchvstrn.vrsn", "");
user_pref("extensions.srchvstrn.vrsni", "");
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn_i.smplGrp", "none");
user_pref("extensions.srchvstrn_i.vrsnTs", "16:7:56");
---- Lines RightSurf removed from prefs.js ----
user_pref("extensions.RightSurf.asul", "1403353380188");
user_pref("extensions.RightSurf.aul", "1403353148133");
user_pref("extensions.RightSurf.irl", true);
user_pref("extensions.RightSurf.is", "isgiwhUS");
user_pref("extensions.RightSurf.ug", "9D1F3748-7EC9-46B1-98B3-AF51D164F888");
---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.aflt", "irmsd0103");
user_pref("extensions.nspdl.cd", "2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0SyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R")
user_pref("extensions.nspdl.cr", "235128838");
user_pref("extensions.nspdl.data.activeDate", "20140206");
user_pref("extensions.nspdl.data.aliveDate", "20140209");
user_pref("extensions.nspdl.data.cc", "us");
user_pref("extensions.nspdl.data.configDate", "20140206");
user_pref("extensions.nspdl.data.instlDate", "20140129");
user_pref("extensions.nspdl.data.ra-44e7a62cdd62070dd44923071bd3bbd7", "4ea18e6e7385a5406da303b65daee602");
user_pref("extensions.nspdl.data.ra-872bb23eeaa531e88719b185b415ff36", "f9d392e4b9e12ba96c4fa87b205692c9");
user_pref("extensions.nspdl.data.ra-abc402c70e46e8cc70f0532c455a3c97", "f7eca2bfe69ac530923d3583cd891720");
user_pref("extensions.nspdl.general.content", "favorites-dcf76356673f18559bd064a914f3ac89");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "f40cd28c-5a79-4fc5-a8c9-4db10faa5327");
user_pref("extensions.nspdl.general.version", "9.5.3");
user_pref("extensions.nspdlgrvrio.aflt", "grv_adk5_14_29");
user_pref("extensions.nspdlgrvrio.cd", "2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1J
user_pref("extensions.nspdlgrvrio.cr", "892784084");
user_pref("extensions.nspdlgrvrio.data._dy", "20141115");
user_pref("extensions.nspdlgrvrio.data.aliveDate", "20141115");
user_pref("extensions.nspdlgrvrio.data.cc", "us");
user_pref("extensions.nspdlgrvrio.data.cg", "37");
user_pref("extensions.nspdlgrvrio.data.instlDate", "20141115");
user_pref("extensions.nspdlgrvrio.data.ra-03cd8495be60971ed04a8ea7e0787e96", "bd451c8d11a5dff6d13b2e97b0853e2e");
user_pref("extensions.nspdlgrvrio.data.ra-65b71db09f71c6c7d7b2071c59e0da25", "b6748e24c831ed213bc612cd2fc88b00");
user_pref("extensions.nspdlgrvrio.data.ra-872bb23eeaa531e88719b185b415ff36", "0c3c3e9a4d73b48e34cd73616fda7277");
user_pref("extensions.nspdlgrvrio.data.ra-abc402c70e46e8cc70f0532c455a3c97", "0157e105ad476f12aaae9a9e805f3d20");
user_pref("extensions.nspdlgrvrio.general.firstRun", false);
user_pref("extensions.nspdlgrvrio.general.guid", "c131929a-b8a4-48cd-bd63-d3f7391aa43f");
user_pref("extensions.nspdlgrvrio.general.version", "9.5.7");
user_pref("extensions.nspdlgrvrio.instlRef", "grv_adk5_14_29");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "66616133336466382D633265382D346335372D383033362D373363363230323931363239");
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.defaulttab.installdate", 1377370823);
---- FireFox user.js and prefs.js backups ----

prefs_20141119_0623_.backup

ProfilePath: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\r8dg0eup.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141119_0623_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\Users\Heidi\AppData\LocalLow\PageRage deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\PROGRA~2\The Weather Channel deleted
C:\install.exe deleted
C:\Users\Heidi\AppData\Roaming\WB.CFG deleted
C:\Users\Heidi\AppData\Roaming\docXConverter (3).ini deleted
C:\PROGRA~3\hpqp.txt deleted
C:\Users\Heidi\AppData\Local\CRE deleted
C:\Windows\patsearch.bin deleted
C:\Users\Heidi\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted
C:\Users\Heidi\Downloads\avg_free_stb_all_9_40_cnet.exe deleted
C:\Users\Heidi\AppData\LocalLow\AVG Web TuneUp deleted
C:\Users\jim\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\tasks\AV_PWB.job deleted
C:\windows\SysNative\tasks\AV_PWB deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrT_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\CT3286042 deleted
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\CT3289663 deleted
C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\r8dg0eup.default\extensions\staged deleted
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\nspdl deleted
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\smartbar deleted
"C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\jetpack" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/15/2014 07:44 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - {99B98C2C-7274-45a3-A640-D9DF1A1C8460}
- Undetermined - wrc@avast.com
- CookieCuller - %ProfilePath%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
5ABD200D17C67E692D56ACA5B07C31B3 - C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll - Microsoft Office 2013
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/15/2014 07:44 PM]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
jnidgldcbakaidffpjinopjbmobecifb - C:\Users\Heidi\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx[]
nemfjadlboooiffmcelkafilagddogim - C:\Users\Heidi\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

Google Voice Search Hotword (Beta) - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chromium Fix ======================

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jnidgldcbakaidffpjinopjbmobecifb_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jnidgldcbakaidffpjinopjbmobecifb_0 deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnidgldcbakaidffpjinopjbmobecifb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
"IconCache"="http://www.google.com"
"Search Page"="https://www.google.com/search?q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"IconCache"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C6E455E9-A4B0-4E52-B4CC-8ADAFB54636F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{C6E455E9-A4B0-4E52-B4CC-8ADAFB54636F} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG-Secure-Search-Update_0913a deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_BB422C61445BA1ED675A4BC9541E177A deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OtShot deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Heidi\AppData\Local\Mozilla\Firefox\Profiles\n7qe0ovt.default\cache2 emptied successfully
C:\Users\jim\AppData\Local\Mozilla\Firefox\Profiles\r8dg0eup.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=792 folders=123 17480144 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp will be emptied at reboot
C:\Users\jim\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Heidi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Wed 11/19/2014 at 7:06:29.57 ======================
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 19th, 2014, 8:18 am

Just did a quick run thru of some of the main websites that I go to. So far no pop-ups or embedded ads. I need to head to work but I can check more when I come home or run any further instructions that you may have. Thank you.
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 19th, 2014, 8:53 am

Just did a quick run thru of some of the main websites that I go to. So far no pop-ups or embedded ads.

Excellent.
I need to head to work but I can check more when I come home or run any further instructions that you may have.

I need you to run another scan for me, keep me updated about the pop-up ads.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Tons of Pop-ups (take 2)

Unread postby polishcrusader » November 19th, 2014, 7:13 pm

ESET Log

C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\ZalmanInstaller_52330\otshotcomponent20.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\ConduitEngine\ConduitEngin0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\Elf_1.15\ldrtbElf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\Elf_1.15\tbElf0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\Elf_1.15\tbElf1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\LocalLow\Elf_1.15\tbElf2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heidi\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.U potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Heidi\AppData\Local\Vosteran-old\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Heidi\AppData\Local\Vosteran-old\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Heidi\AppData\Local\Vosteran-old\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Heidi\AppData\Local\Vosteran-old\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\jim\AppData\Local\Temp\tbElf0.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\jim\AppData\Local\Temp\tbPag0.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\ZalmanInstaller_52330\otshotcomponent20.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\Users\Heidi\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Heidi\Downloads\cnet2_paperlabelmaker_zip.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\cbsidlm-tr1_6-COM_Port_Toolkit-10064183.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSI3A88.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Heidi_AppData_LocalLow_PageRage\ldrtbPage.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Heidi_AppData_LocalLow_PageRage\tbPage.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
polishcrusader
Active Member
 
Posts: 14
Joined: November 16th, 2014, 7:28 pm

Re: Tons of Pop-ups (take 2)

Unread postby Cypher » November 20th, 2014, 6:54 am

Hi,
Just did a quick run thru of some of the main websites that I go to. So far no pop-ups or embedded ads.

If you are having no further problems you should be good to go.
Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 68 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware