Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Need help removing Adware


Re: Need help removing Adware

Post by rgill14 » December 2nd, 2014, 9:40 pm

Sorry, accidentally posted the same message twice.
Last edited by rgill14 on December 2nd, 2014, 9:54 pm, edited 1 time in total.
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Post by rgill14 » December 2nd, 2014, 9:53 pm

I cannot figure out how to download zoek.exe (or anything else, for that matter) to my desktop. When I right click on the download button, I am not offered the option to choose where to download the file to. So, I click on "download" and it automatically downloads into my "downloads" folder. When I downloaded FRST.ext previously, I actually typed in the address to my desktop and STILL ended up with it in "Downloads". So I have downloaded zoek.exe into my "downloads" folder. The box popped up, but I have NOT clicked on "more options" yet. Should I continue, or should I delete or uninstall zoek and start over?
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Post by Cypher » December 3rd, 2014, 6:45 am

rgill14 wrote: I cannot figure out how to download zoek.exe (or anything else, for that matter) to my desktop. When I right click on the download button, I am not offered the option to choose where to download the file to. So, I click on "download" and it automatically downloads into my "downloads" folder. When I downloaded FRST.ext previously, I actually typed in the address to my desktop and STILL ended up with it in "Downloads". So I have downloaded zoek.exe into my "downloads" folder. The box popped up, but I have NOT clicked on "more options" yet. Should I continue, or should I delete or uninstall zoek and start over?
What browser are you using to download the tools?
Go ahead and run zoek.exe from your Downloads folder. When done, post the FRST and zoek logs.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help removing Adware

Post by rgill14 » December 3rd, 2014, 8:33 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Rejeana (administrator) on REJEANA-PC on 01-12-2014 21:36:31
Running from C:\Users\Rejeana\Downloads
Loaded Profile: Rejeana (Available profiles: Rejeana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Dropbox, Inc.) C:\Users\Rejeana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-25] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\Users\Rejeana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rejeana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3AF320DE-16E7-4856-8CEA-027B73CE24F8} URL = http://yhs4.search.yahoo.com/yhs/search ... vast001&p={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {06A9F526-BE8C-41E3-90AE-38359EB2DDD1} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-swat02
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {3AF320DE-16E7-4856-8CEA-027B73CE24F8} URL = http://yhs4.search.yahoo.com/yhs/search ... vast001&p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Rejeana\AppData\Roaming\Mozilla\Firefox\Profiles\g22iybvp.default
FF DefaultSearchEngine: v9
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: v9
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1634496136-2111562430-2021348028-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Rejeana\AppData\Roaming\Mozilla\Firefox\Profiles\g22iybvp.default\searchplugins\yahoo-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.v9.com/?type=hppp&ts=1416785 ... WD6400BPVT
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hppp&ts=1416785940&from=cor&uid=WDCXWD6400BPVT"
CHR DefaultSearchKeyword: Default -> v9
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Avast Online Security) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]
CHR Extension: (Gmail) - C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-25] (Avast Software)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-25] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-25] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:36 - 2014-12-01 21:37 - 00024763 _____ () C:\Users\Rejeana\Downloads\FRST.txt
2014-12-01 21:36 - 2014-12-01 21:36 - 00000000 ____D () C:\FRST
2014-12-01 21:34 - 2014-12-01 21:35 - 02117120 _____ (Farbar) C:\Users\Rejeana\Downloads\FRST64.exe
2014-12-01 20:57 - 2014-12-01 21:23 - 00000000 ____D () C:\AdwCleaner
2014-12-01 20:55 - 2014-12-01 20:55 - 02154496 _____ () C:\Users\Rejeana\Downloads\adwcleaner_4.103.exe
2014-12-01 20:40 - 2014-12-01 20:40 - 00000197 _____ () C:\Windows\system32\2014-12-02-02-40-30.041-AvastVBoxSVC.exe-2684.log
2014-12-01 19:48 - 2014-12-01 19:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 19:48 - 2014-12-01 19:48 - 00000792 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-01 19:48 - 2014-12-01 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-01 19:47 - 2014-12-01 19:48 - 00000000 ____D () C:\Users\Rejeana\Desktop\Malwarebytes Anti-Malware
2014-12-01 19:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 19:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 19:47 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-01 19:31 - 2014-12-01 19:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 19:29 - 2014-12-01 19:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Rejeana\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-12-01 06:51 - 2014-12-01 06:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Rejeana\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-12-01 06:50 - 2014-12-01 06:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Rejeana\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-27 21:03 - 2014-11-27 21:03 - 00010926 _____ () C:\Users\Rejeana\Desktop\attach.txt
2014-11-27 21:03 - 2014-11-27 21:02 - 00031273 _____ () C:\Users\Rejeana\Desktop\dds.txt
2014-11-27 20:59 - 2014-11-27 21:00 - 00688992 _____ (Swearware) C:\Users\Rejeana\Downloads\dds (1).scr
2014-11-27 20:57 - 2014-11-27 20:57 - 00688992 ____R (Swearware) C:\Users\Rejeana\Downloads\dds.scr
2014-11-27 07:50 - 2014-11-27 07:50 - 00000197 _____ () C:\Windows\system32\2014-11-27-13-50-25.057-AvastVBoxSVC.exe-4364.log
2014-11-26 12:33 - 2014-11-26 12:33 - 00000247 _____ () C:\Windows\system32\2014-11-26-18-33-18.015-aswFe.exe-2304.log
2014-11-26 12:24 - 2014-11-26 12:33 - 00000247 _____ () C:\Windows\system32\2014-11-26-18-24-23.060-aswFe.exe-5604.log
2014-11-26 12:24 - 2014-11-26 12:24 - 00000197 _____ () C:\Windows\system32\2014-11-26-18-24-11.020-AvastVBoxSVC.exe-1512.log
2014-11-26 06:48 - 2014-11-26 06:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-26 06:48 - 2014-11-26 06:48 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-25 22:20 - 2014-11-25 22:20 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-25 22:20 - 2014-11-25 22:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-25 22:20 - 2014-11-25 22:20 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-25 21:10 - 2014-11-25 21:10 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-24 21:56 - 2014-11-24 21:55 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-24 21:55 - 2014-11-24 21:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-24 21:55 - 2014-11-24 21:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-24 21:55 - 2014-11-24 21:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-24 21:55 - 2014-11-24 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 21:55 - 2014-11-24 21:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-24 21:35 - 2014-11-24 21:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 17:47 - 2014-11-23 17:47 - 00003142 _____ () C:\Windows\System32\Tasks\{8EA8C404-8F3D-46BD-A4C8-08F1D9C504A7}
2014-11-23 17:41 - 2014-11-23 17:41 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\IsolatedStorage
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files (x86)\STab
2014-11-23 17:36 - 2014-11-23 17:36 - 01029888 _____ ( ) C:\Users\Rejeana\Downloads\FileOpenerSetup.exe
2014-11-21 22:13 - 2014-11-21 22:15 - 10774917 _____ () C:\Users\Rejeana\Downloads\order-4863272-downloads.zip
2014-11-21 21:29 - 2014-11-21 21:29 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{065A34C3-FBCE-43E7-9359-E7761C370944}
2014-11-20 20:14 - 2014-11-20 20:14 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{5EAE0D3F-3E70-49FA-A83D-CFD7A646A75E}
2014-11-20 20:11 - 2014-11-20 20:11 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{2534CE57-929E-499A-BE24-660CC3ECBFB7}
2014-11-20 10:19 - 2014-11-25 19:50 - 00000000 ____D () C:\Users\Rejeana\Desktop\Jake's Album
2014-11-20 10:11 - 2014-11-20 10:12 - 00000000 ____D () C:\Users\Rejeana\Desktop\Pics for Rosetta B
2014-11-20 09:58 - 2014-11-20 10:11 - 00000000 ____D () C:\Users\Rejeana\Desktop\Ethiopia pics for kids
2014-11-20 09:21 - 2014-11-20 22:44 - 00000000 ____D () C:\Users\Rejeana\Desktop\Tyler's Album
2014-11-18 21:37 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:37 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:37 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:37 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 20:26 - 2014-11-12 20:26 - 00125349 _____ () C:\Users\Rejeana\Downloads\Attachments_20141112.zip
2014-11-11 21:55 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:55 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:55 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:55 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:55 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:55 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:55 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:55 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:55 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:55 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:55 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:55 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:55 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:55 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:55 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:55 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:55 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:55 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:55 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:55 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:55 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:55 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:55 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:55 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:55 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:55 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:55 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:55 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:55 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:55 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:55 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:54 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:54 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:54 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:54 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:54 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:54 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:54 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:54 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:54 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:54 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:54 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:54 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:54 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:54 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:54 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:54 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:54 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:54 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:54 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:54 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:54 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:54 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:54 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:54 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:54 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:05 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:05 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:05 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:05 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:05 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:05 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:05 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:05 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:05 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:05 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:05 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:05 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:49 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:49 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:49 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:49 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 20:49 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:49 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:44 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:44 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:44 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:44 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:44 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:44 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:44 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 20:44 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 20:44 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 20:44 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 20:39 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:39 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 20:39 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:38 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:38 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:38 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 20:38 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-09 21:06 - 2014-11-09 21:06 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{30E93513-2CD9-4B4E-BCFC-57DBF2F4637D}
2014-11-09 21:03 - 2014-11-25 19:48 - 00000000 ____D () C:\Users\Rejeana\Desktop\M's Album
2014-11-09 20:53 - 2014-11-09 21:06 - 00000000 ____D () C:\Users\Rejeana\Desktop\Tori's Album
2014-11-03 21:01 - 2014-11-03 21:01 - 00051045 _____ () C:\Users\Rejeana\Documents\Unofficial Transcript.html
2014-11-03 21:01 - 2014-11-03 21:01 - 00000000 ____D () C:\Users\Rejeana\Documents\Unofficial Transcript_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:34 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 21:34 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-01 21:31 - 2011-08-04 13:04 - 01693120 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 21:26 - 2013-07-24 20:28 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\Htc
2014-12-01 21:26 - 2013-06-06 15:30 - 00000000 ___RD () C:\Users\Rejeana\Dropbox
2014-12-01 21:26 - 2013-06-06 15:23 - 00000000 ____D () C:\Users\Rejeana\AppData\Roaming\Dropbox
2014-12-01 21:26 - 2011-12-06 18:00 - 00000000 ___HD () C:\ASUS.DAT
2014-12-01 21:25 - 2011-04-01 22:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 21:25 - 2011-04-01 22:17 - 00230954 _____ () C:\Windows\PFRO.log
2014-12-01 21:25 - 2009-07-13 23:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-01 21:25 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 21:25 - 2009-07-13 22:51 - 00085506 _____ () C:\Windows\setupact.log
2014-12-01 21:10 - 2012-04-13 06:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 21:02 - 2011-04-01 22:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 20:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-30 15:09 - 2009-07-13 23:13 - 00798158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 14:18 - 2014-03-20 14:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-29 21:25 - 2012-10-21 15:56 - 00015360 ___SH () C:\Users\Rejeana\Thumbs.db
2014-11-28 07:07 - 2013-06-21 20:12 - 00000000 ____D () C:\Users\Rejeana\AppData\Roaming\HpUpdate
2014-11-28 07:07 - 2013-06-21 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-27 08:57 - 2011-08-04 13:32 - 00001466 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-26 01:04 - 2014-03-27 09:36 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 22:20 - 2014-08-07 06:14 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-25 22:20 - 2014-03-20 14:43 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-25 22:20 - 2014-03-20 14:43 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-25 22:20 - 2014-03-20 14:43 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-25 22:20 - 2014-03-20 14:43 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-25 22:20 - 2014-03-20 14:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-25 22:20 - 2014-03-20 14:42 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-25 22:20 - 2014-03-20 14:42 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-25 21:11 - 2012-04-13 06:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 21:11 - 2012-04-13 06:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 21:11 - 2011-12-30 17:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 21:54 - 2014-02-15 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-24 20:06 - 2012-01-27 04:03 - 00001132 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-24 20:06 - 2012-01-27 04:03 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-24 18:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-24 17:35 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-20 16:14 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-19 17:56 - 2013-06-06 15:30 - 00001029 _____ () C:\Users\Rejeana\Desktop\Dropbox.lnk
2014-11-19 17:56 - 2013-06-06 15:27 - 00000000 ____D () C:\Users\Rejeana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 06:57 - 2011-04-01 22:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 06:57 - 2011-04-01 22:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 21:07 - 2011-12-06 18:00 - 00086664 _____ () C:\Users\Rejeana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 21:04 - 2009-07-13 22:45 - 00343024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 21:00 - 2014-05-07 07:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 20:44 - 2011-12-07 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 20:29 - 2013-08-01 14:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:34 - 2011-12-08 15:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-04 14:30 - 2014-03-20 12:49 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Rejeana\AppData\Local\Temp\contentDATs.exe
C:\Users\Rejeana\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Rejeana\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Rejeana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgbjej.dll
C:\Users\Rejeana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Rejeana\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Rejeana\AppData\Local\Temp\nt64toum.dll
C:\Users\Rejeana\AppData\Local\Temp\ose00000.exe
C:\Users\Rejeana\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Rejeana\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Rejeana\AppData\Local\Temp\Quarantine.exe
C:\Users\Rejeana\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rejeana\AppData\Local\Temp\sqlite3.dll
C:\Users\Rejeana\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Rejeana\AppData\Local\Temp\ytb_8.4.2.29_2.4.3_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-01 06:03

==================== End Of Log ============================



Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Rejeana on Tue 12/02/2014 at 19:34:39.37.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rejeana\Downloads\zoek.exe [Scan all users] [Checkboxes used]

===== Runcheck 6:12:56.43 =====

--- Create Environment Variables 6:13:00.69
--- Create System Restore Point 6:13:20.49
--- Checking Input 6:14:09.89
--- AU AppData Check 6:14:44.61
--- Remove From Windows Installer 6:14:56.78
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Post by Cypher » December 3rd, 2014, 11:33 am

Hi,
Ran by Rejeana (administrator) on REJEANA-PC on 01-12-2014 21:36:31

You posted the log from the FRST scan you ran, not the FRST Fixlog.txt.
Please post the FRST Fixlog.txt log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help removing Adware

Post by rgill14 » December 3rd, 2014, 5:27 pm

Sorry for posting the wrong scan results. Thanks for being patient with me. Hopefully I have the correct one this time.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Rejeana at 2014-12-02 19:20:49 Run:1
Running from C:\Users\Rejeana\Downloads
Loaded Profile: Rejeana (Available profiles: Rejeana)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q= {searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q= {searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q= {searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3AF320DE-16E7-4856-8CEA-027B73CE24F8} URL = http://yhs4.search.yahoo.com/yhs/search ... vast001&p= {searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p= {searchTerms}
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {06A9F526-BE8C-41E3-90AE-38359EB2DDD1} URL = http://search.yahoo.com/search?p= {searchTerms}&fr=chr-swat02
SearchScopes: HKU\S-1-5-21-1634496136-2111562430-2021348028-1001 -> {3AF320DE-16E7-4856-8CEA-027B73CE24F8} URL = http://yhs4.search.yahoo.com/yhs/search ... vast001&p= {searchTerms}
FF DefaultSearchEngine: v9
FF SelectedSearchEngine: v9
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.v9.com/?type=hppp&ts=1416785 ... WD6400BPVT
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hppp&ts=1416785940&from=cor&uid=WDCXWD6400BPVT"
CHR DefaultSearchKeyword: Default -> v9
2014-11-23 17:47 - 2014-11-23 17:47 - 00003142 _____ () C:\Windows\System32\Tasks\{8EA8C404-8F3D-46BD-A4C8-08F1D9C504A7}
2014-11-21 21:29 - 2014-11-21 21:29 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{065A34C3-FBCE-43E7-9359-E7761C370944}
2014-11-20 20:14 - 2014-11-20 20:14 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{5EAE0D3F-3E70-49FA-A83D-CFD7A646A75E}
2014-11-20 20:11 - 2014-11-20 20:11 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{2534CE57-929E-499A-BE24-660CC3ECBFB7}
2014-11-09 21:06 - 2014-11-09 21:06 - 00000000 ____D () C:\Users\Rejeana\AppData\Local\{30E93513-2CD9-4B4E-BCFC-57DBF2F4637D}
C:\Users\Rejeana\AppData\Local\Temp\contentDATs.exe
C:\Users\Rejeana\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Rejeana\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Rejeana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgbjej.dll
C:\Users\Rejeana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Rejeana\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Rejeana\AppData\Local\Temp\nt64toum.dll
C:\Users\Rejeana\AppData\Local\Temp\ose00000.exe
C:\Users\Rejeana\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Rejeana\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Rejeana\AppData\Local\Temp\Quarantine.exe
C:\Users\Rejeana\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rejeana\AppData\Local\Temp\sqlite3.dll
C:\Users\Rejeana\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Rejeana\AppData\Local\Temp\ytb_8.4.2.29_2.4.3_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3AF320DE-16E7-4856-8CEA-027B73CE24F8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3AF320DE-16E7-4856-8CEA-027B73CE24F8}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key not found.
HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06A9F526-BE8C-41E3-90AE-38359EB2DDD1}" => Key deleted successfully.
"HKCR\CLSID\{06A9F526-BE8C-41E3-90AE-38359EB2DDD1}" => Key not found.
"HKU\S-1-5-21-1634496136-2111562430-2021348028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3AF320DE-16E7-4856-8CEA-027B73CE24F8}" => Key deleted successfully.
"HKCR\CLSID\{3AF320DE-16E7-4856-8CEA-027B73CE24F8}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
C:\Windows\System32\Tasks\{8EA8C404-8F3D-46BD-A4C8-08F1D9C504A7} => Moved successfully.
C:\Users\Rejeana\AppData\Local\{065A34C3-FBCE-43E7-9359-E7761C370944} => Moved successfully.
C:\Users\Rejeana\AppData\Local\{5EAE0D3F-3E70-49FA-A83D-CFD7A646A75E} => Moved successfully.
C:\Users\Rejeana\AppData\Local\{2534CE57-929E-499A-BE24-660CC3ECBFB7} => Moved successfully.
C:\Users\Rejeana\AppData\Local\{30E93513-2CD9-4B4E-BCFC-57DBF2F4637D} => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\DefaultAssets.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\DefaultOfflineContent.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgbjej.dll => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\NLStubInstallerResources.dll => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\nt64toum.dll => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\PCCheckupInstaller.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\PCCU_Installer.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\SymcPCCUInstaller.exe => Moved successfully.
C:\Users\Rejeana\AppData\Local\Temp\ytb_8.4.2.29_2.4.3_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Post by rgill14 » December 3rd, 2014, 5:32 pm

Zoek just ran another scan automatically and created another log. Is that supposed to happen? Also, I think progress is being made because the V9 page is gone, pop-ups are gone, and extra browser tabs are no longer opening on their own. However, my computer is running much slower than before. Is this a normal consequence of the cleanup process?
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Post by rgill14 » December 3rd, 2014, 9:05 pm

So... this just happened without any prompting from me.


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Rejeana on Tue 12/02/2014 at 19:34:39.37.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rejeana\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

12/3/2014 6:14:01 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Norton PC Checkup 3.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Oracle deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Rejeana\AppData\Roaming\Mozilla\Firefox\Profiles\g22iybvp.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_20141203_0408_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Yahoo! deleted
C:\Users\Rejeana\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\UAB deleted
C:\Users\Rejeana\AppData\Local\PC_Drivers_Headquarters deleted
C:\Users\Rejeana\AppData\LocalLow\Yahoo! deleted
C:\Users\Rejeana\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/25/2014 10:20 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rejeana\AppData\Roaming\Mozilla\Firefox\Profiles\g22iybvp.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rejeana\AppData\Roaming\Mozilla\Firefox\Profiles\g22iybvp.default
07A722522C5CB75AEBF837E0411415C0 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/25/2014 10:19 PM]

Google Voice Search Hotword (Beta) - Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - Rejeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Fix ======================

C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hip2save.com_0.localstorage deleted successfully
C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully
C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dealspl.us_0.localstorage deleted successfully
C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}"
"Search Bar"="https://www.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1634496136-2111562430-2021348028-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-1634496136-2111562430-2021348028-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1634496136-2111562430-2021348028-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rejeana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Rejeana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9 folders=6 59252 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rejeana\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rejeana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 12/03/2014 at 19:00:19.98 ======================
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm
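A small parser for the "Set IE to Default" section of the Zoek log posted above, added here as an example (it is not part of the original thread or of Zoek itself); it lists which Internet Explorer registry values the tool changed. The section layout is assumed from the log as posted, the sample text is a constructed excerpt in that layout, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the "Set IE to Default" section (assumed format).
SAMPLE = r'''==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="https://www.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
'''

KEY_RE = re.compile(r'^\[(.+)\]$')          # [HKEY_...\Some\Key]
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "Name"="Data"

def parse_values(log_text):
    """Return {'old': {(key, name): data}, 'new': {...}} for the IE section only."""
    result = {"old": {}, "new": {}}
    in_section, bucket, key = False, None, None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("===="):            # any section header ends the previous one
            in_section, bucket = "Set IE to Default" in line, None
        elif not in_section:
            continue
        elif line in ("Old Values:", "New Values:"):
            bucket, key = line.split()[0].lower(), None
        elif bucket and KEY_RE.match(line):
            key = KEY_RE.match(line).group(1).upper()  # registry paths are case-insensitive
        elif bucket and key and VAL_RE.match(line):
            name, data = VAL_RE.match(line).groups()
            result[bucket][(key, name)] = data
    return result

def changed_values(log_text):
    """List (key, name, old, new) where data differs; old is None if the value was unset."""
    parsed = parse_values(log_text)
    return sorted(
        (k, n, parsed["old"].get((k, n)), new)
        for (k, n), new in parsed["new"].items()
        if parsed["old"].get((k, n)) != new
    )
```

Calling `changed_values()` on a full log gives a short list of the search and start-page values that were reset, which is easier to review than the two raw blocks side by side.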

Re: Need help removing Adware

Unread postby Cypher » December 4th, 2014, 7:48 am

Hi,
rgill14 wrote:Sorry for posting the wrong scan results. Thanks for being patient with me. Hopefully I have the correct one this time.

Don't worry, it's an easy mistake to make. You're doing fine, and yes, it's the right log this time :)
rgill14 wrote:I think progress is being made because the V9 page is gone, pop-ups are gone, and extra browser tabs are no longer opening on their own.

That's good to hear.
rgill14 wrote:However, my computer is running much slower than before. Is this a normal consequence of the clean up process?

Yes, that can happen. When we are finished cleaning your computer we will take some steps to help with that.
rgill14 wrote:So... this just happened without any prompting from me.

That's OK.
Your logs look better now, but I would like you to run another scan for me.
Once done, please give me another update on how your computer is performing.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help removing Adware

Unread postby rgill14 » December 4th, 2014, 8:08 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rejeana on Thu 12/04/2014 at 6:57:44.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Rejeana\AppData\Roaming\mozilla\firefox\profiles\g22iybvp.default\minidumps [488 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/04/2014 at 7:36:13.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Unread postby Cypher » December 5th, 2014, 6:39 am

Hi,
Can you give me an update on how the computer is running now, any problems?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help removing Adware

Unread postby rgill14 » December 5th, 2014, 8:45 pm

My computer is running very well now. There are no pop-ups, no ads, no extra browsers opening, V9 is gone. And it is running faster now as well. I am very pleased and grateful. Do I need to do anything else? How can I better protect myself from this in the future?
rgill14
Regular Member
 
Posts: 19
Joined: November 27th, 2014, 11:11 pm

Re: Need help removing Adware

Unread postby Cypher » December 6th, 2014, 8:19 am

Hi,
rgill14 wrote:My computer is running very well now. There are no pop-ups, no ads, no extra browsers opening, V9 is gone. And it is running faster now as well.

Excellent :thumbleft:
rgill14 wrote:How can I better protect myself from this in the future?

Yes, please see the link at the bottom of this post.
rgill14 wrote:Do I need to do anything else?

Your latest logs appear to be clean, so you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

We removed an outdated version of Java. If you use it, you can reinstall the latest version.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 8u25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Need help removing Adware

Unread postby Cypher » December 7th, 2014, 1:57 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns