
Internet Browser redirecting to Microsoft Exchange


11 replies to this topic

#1 bloggingky

Posted 03 November 2013 - 12:55 PM

This started yesterday, and I don't have the slightest idea where the heck the virus came from. What kind of virus terrorist sends you to Microsoft?? I can get around the redirect by typing into the search bar. I got here by typing bleeping computer into the search bar, then clicking the search link. I've run tdsskiller, AVG, Anvi Smart Defender, and did a system restore. All to no avail. Tdsskiller found zero issues, both of the others found, and cleaned, 3 items. I'm still getting the redirect though. Specifically, typing a web address into the address field redirects me to http://office.microsoft.com/en-us/exchange/microsoft-exchange-online-email-for-business-FX103739072.aspx. I don't notice any other issues, like lagging, etc, just the redirect. I've typed in browser redirect to microsoft into the search field but haven't found anything. Any ideas?

~Ky


Edited by hamluis, 03 November 2013 - 01:34 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 boopme

Posted 03 November 2013 - 05:25 PM

Hello bloggingky
Which browser do you use?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 bloggingky

Posted 03 November 2013 - 05:45 PM

I've just downloaded everything you suggested and will be back after they've run, but wanted to answer your browser question. I normally use Firefox but since this virus it crashes every time it's open for a couple minutes. Since yesterday I've been using Chrome. Firefox will let me get to a page by the search bar (as explained in my initial entry) but once I click the search link to go to the site Firefox crashes. Chrome isn't doing that for some reason, but I'm sure glad it's not! Off to follow your instructions now ... thank you!!!



#4 bloggingky

Posted 03 November 2013 - 06:35 PM

I don't see my reply that I thought I did a few minutes ago, but you asked me what browser I use. Normally, I use Firefox. However, since this "virus", though I can type what I want into the search bar, and click the resulting link, Firefox crashes seconds after getting where I want to go. So, I tried Chrome, which is not crashing. It won't let me type in the address bar and get there, I still get the redirect, but at least it's not crashing when using the search method.

 

 

Okay, here we go ... 

MiniToolBox:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Owner (administrator) on 03-11-2013 at 16:47:14
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Laptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C6-F8-DA-3E-18-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : C0-F8-DA-3E-18-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3cd8:1bb6:6c59:b30b%18(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 03, 2013 2:04:05 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 10, 2149 11:15:51 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 331413722
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4B-D5-89-00-24-54-72-70-6B
   DNS Servers . . . . . . . . . . . : 8.26.56.26
                                       156.154.70.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : E8-11-32-66-F0-F8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{405B7696-271D-4C2B-8182-8C0595210D3B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  ns1.recursive.dns.com
Address:  8.26.56.26
 
Name:    google.com.Belkin
Addresses:  fe80:1::225:90ff:fe19:4b12
 92.242.144.50
 
 
Pinging google.com [173.194.113.142] with 32 bytes of data:
Request timed out.
Reply from 173.194.113.142: bytes=32 time=148ms TTL=47
 
Ping statistics for 173.194.113.142:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 148ms, Maximum = 148ms, Average = 148ms
Server:  ns1.recursive.dns.com
Address:  8.26.56.26
 
Name:    yahoo.com.Belkin
Addresses:  fe80:1::225:90ff:fe19:4b12
 92.242.144.50
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Reply from 98.139.183.24: bytes=32 time=93ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 93ms, Average = 93ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 23...c6 f8 da 3e 18 7f ......Microsoft Virtual WiFi Miniport Adapter
 18...c0 f8 da 3e 18 7f ......Atheros AR9285 Wireless Network Adapter
 11...e8 11 32 66 f0 f8 ......Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.4    281
      192.168.2.4  255.255.255.255         On-link       192.168.2.4    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    281 fe80::/64                On-link
 18    281 fe80::3cd8:1bb6:6c59:b30b/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/03/2013 11:56:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (11/03/2013 08:05:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2013 08:05:41 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/03/2013 02:04:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgdiagex.exe, version: 13.0.0.3304, time stamp: 0x51539980
Faulting module name: avgduix.dll, version: 13.0.0.3211, time stamp: 0x5122e30b
Exception code: 0xc0000005
Fault offset: 0x000527d9
Faulting process id: 0xb54
Faulting application start time: 0xavgdiagex.exe0
Faulting application path: avgdiagex.exe1
Faulting module path: avgdiagex.exe2
Report Id: avgdiagex.exe3
 
Error: (11/03/2013 02:04:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3390, time stamp: 0x51eea58d
Faulting module name: avgwd.dll, version: 13.0.0.3425, time stamp: 0x525dcdf3
Exception code: 0xc0000005
Fault offset: 0x000808f1
Faulting process id: 0x7e0
Faulting application start time: 0xavgwdsvc.exe0
Faulting application path: avgwdsvc.exe1
Faulting module path: avgwdsvc.exe2
Report Id: avgwdsvc.exe3
 
Error: (11/03/2013 02:00:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: GH-FarmFablesLauncher.exe, version: 0.0.0.0, time stamp: 0x5104e139
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x1b18
Faulting application start time: 0xGH-FarmFablesLauncher.exe0
Faulting application path: GH-FarmFablesLauncher.exe1
Faulting module path: GH-FarmFablesLauncher.exe2
Report Id: GH-FarmFablesLauncher.exe3
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11731
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11731
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/03/2013 00:51:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10733
 
 
System errors:
=============
Error: (11/03/2013 01:49:53 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/03/2013 01:49:53 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (11/03/2013 11:45:17 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (11/03/2013 11:45:17 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/03/2013 11:44:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
NNSHTTPS
 
Error: (11/03/2013 11:44:34 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/03/2013 11:44:34 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service hung on starting.
 
Error: (11/03/2013 02:04:15 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.
 
Error: (11/03/2013 02:04:03 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/03/2013 02:04:01 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:02:44 AM on ?11/?3/?2013 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (11/03/2013 11:56:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (11/03/2013 08:05:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2013 08:05:41 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/03/2013 02:04:46 AM) (Source: Application Error)(User: )
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9b5401ced86b52ecf73cC:\Program Files (x86)\AVG\AVG2013\avgdiagex.exeC:\Program Files (x86)\AVG\AVG2013\avgduix.dll9a4528db-445e-11e3-9a72-e8113266f0f8
 
Error: (11/03/2013 02:04:36 AM) (Source: Application Error)(User: )
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.3425525dcdf3c0000005000808f17e001ced86b49b6038cC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll945d9f0d-445e-11e3-9a72-e8113266f0f8
 
Error: (11/03/2013 02:00:22 AM) (Source: Application Error)(User: )
Description: GH-FarmFablesLauncher.exe0.0.0.05104e139ole32.dll6.1.7601.175144ce7b96fc0000005000393421b1801ced869f7fd1756C:\GameHouse Games\Farm Fables\GH-FarmFablesLauncher.exeC:\windows\syswow64\ole32.dllfcece9cc-445d-11e3-b365-e8113266f0f8
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11731
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11731
 
Error: (11/03/2013 00:51:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/03/2013 00:51:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10733
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-22 02:18:19.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-12-22 02:00:35.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-12-22 01:48:30.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Antique Road Trip: American Dreamin'
Anvi Smart Defender 1.9.3 (Version: 1.9.3)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Artist Colony (Version: 32.0.0.0)
Atheros Client Installation Program (Version: 9.0)
AudibleManager (Version: 2001747150.48.56.4072466)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Baking Success
BatteryLifeExtender (Version: 1.0.11)
Big Fish: Game Manager (Version: 3.2.0.7)
Bonbon Quest
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.55)
CCleaner (Version: 3.25)
Club Paradise (Version: 32.0.0.0)
COMODO Internet Security (Version: 5.12.59641.2599)
Cooking Dash® 3: Thrills and Spills (Version: 32.0.0.0)
Cooking Dash®: DinerTown Studios™ (Version: 32.0.0.0)
CyberLink YouCam (Version: 2.0.3911)
D3DX10 (Version: 15.4.2368.0902)
Dancing Craze (Version: 32.0.0.0)
Delicious - Emily's Honeymoon Cruise Deluxe
Delicious - Emily's Taste of Fame
Delicious - Emily's Tea Garden
Delicious - Emily's True Love Premium Edition
Delicious - Emily's Wonder Wedding Premium Edition
Delicious 2 Deluxe
Diner Dash®: Seasonal Snack Pack™ (Version: 32.0.0.0)
Diner Dash™ (Version: 32.0.0.0)
DivX Setup (Version: 2.6.1.9)
Doggie Dash® (Version: 32.0.0.0)
DriverTuner 3.1.0.1 (Version: 3.1.0.1)
Drugstore Mania
Easy Content Share (Version: 1.0)
Easy Display Manager (Version: 3.2)
Easy Network Manager (Version: 4.4.7)
Easy SpeedUp Manager (Version: 2.1.0.11)
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.3)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Fables
Fashion Boutique
Fashion Rush
FeedDemon (Version: 4.1.0.0)
Fever Frenzy
First Class Flurry (Version: 32.0.0.0)
Fitness Dash™ (Version: 32.0.0.0)
Foodie Fun Five Pack
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Found: A Hidden Object Adventure
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Game Pack (Version: 6.3.1.1)
Garage Inc.
Golden Hearts Juice Bar
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Grave Mania Pandemic Pandemonium 1.00 (Version: 1.00)
Haunted Domains (Version: 32.0.0.0)
Hotdog Hotshot
Hotel Dash™ - Suite Success™
Hotel Dash™: Suite Success™ (Version: 32.0.0.0)
ImgBurn (Version: 2.5.7.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Rapid Storage Technology (Version: 9.6.3.1001)
Internet Explorer Developer Toolbar (Version: 1.0.2188)
iTunes (Version: 11.0.2.26)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Jessica's BowWow Bistro
Jo's Dream - Organic Coffee
Jo's Dream: Organic Coffee
Junk Mail filter update (Version: 15.4.3502.0922)
Katy and Bob - Way Back Home
LastPass(uninstall only)
Magic Sweets
Marvell Miniport Driver (Version: 11.22.3.3)
Megaplex Madness: Now Playing™ (Version: 32.0.0.0)
Megaplex Madness: Summer Blockbuster (Version: 32.0.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Midnight Mysteries - Haunted Houdini Premium Edition
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery P.I.™ Special Bundle II
Pando Media Booster (Version: 2.6.0.8)
Paradise Pet Salon (Version: 32.0.0.0)
Pet Shop Hop™ (Version: 32.0.0.0)
Pet Show Craze (Version: 32.0.0.0)
PhotoScape
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Rachel's Retreat (Version: 32.0.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center 1.0 (Version: 1.1.38)
Samsung Update Plus (Version: 3.0.0.17)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Santa's Super Friends (Version: 32.0.0.0)
Search Assistant WebSearch 1.74
Security Task Manager 1.8g (Version: 1.8g)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Spooky Mall (Version: 32.0.0.0)
Spotify (Version: 0.9.0.117.g93e0429c)
Supermarket Management 2
Supermarket Mania® 2 (Version: 32.0.0.0)
Sushi Bar Express
System Requirements Lab for Intel (Version: 4.5.11.0)
Turbo Fiesta (Version: 32.0.0.0)
Turbo Subs (Version: 32.0.0.0)
User Guide (Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VS10Runtimex64 (Version: 1.0.0)
Wedding Dash® 4-Ever (Version: 32.0.0.0)
Wedding Dash®: Ready, Aim, Love!™ (Version: 32.0.0.0)
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3508.1109)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8)
Wondershare PDF to Word (Build 4.0.1) (Version: 4.0.1)
Yahoo! Detect
Youda Jewel Shop (Version: 32.0.0.0)
Youda Sushi Chef (Version: 32.0.0.0)
ZoneAlarm LTD Toolbar
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 2932.55 MB
Available physical RAM: 1153.41 MB
Total Pagefile: 5863.29 MB
Available Pagefile: 3766.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:112 GB) (Free:58.36 GB) NTFS
2 Drive d: () (Fixed) (Total:165.99 GB) (Free:165.69 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LAPTOP
 
Administrator            Guest                    Owner                    
 
 
**** End of log ****
 
ADW Cleaner:
# AdwCleaner v3.011 - Report created 03/11/2013 at 16:54:45
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - LAPTOP
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\ProgramData\AlawarSouthpoint
Folder Deleted : C:\ProgramData\Browwsee2Soave
Folder Deleted : C:\ProgramData\Download keeper
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Owner\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Owner\AppData\Local\Wajam
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Owner\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Owner\AppData\Roaming\AlawarSouthpoint
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ke3qki42.default\FCTB
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ke3qki42.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ppukbi2m.default-1346938413303\searchplugins\conduit-search.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ke3qki42.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ke3qki42.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(2)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(2)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(3)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies(3)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_simcity-societies_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\websea~1\sprote~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16618
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ke3qki42.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;wikipedia_40905;yahoo_mail_40916;netflix_40927;shoutcast_radio_5302;share_this_page_23802;");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023");
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-adknowledgeaol-chromesbox-en-us&tb_uuid=20120904211325822&tb_oid=04-09-2012&[...]
Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("aol_toolbar.guid", "{363548DD-062B-621D-828A-723B865AE7BF}");
Line Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.8614");
Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Line Deleted : user_pref("aol_toolbar.install.ncid", "");
Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "6");
Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "8");
Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2012");
Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "4");
Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "21");
Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "14");
Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "9");
Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "51");
Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2012");
Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1346892599944");
Line Deleted : user_pref("aol_toolbar.rtw.active", false);
Line Deleted : user_pref("aol_toolbar.search.button", true);
Line Deleted : user_pref("aol_toolbar.search.cid", "04-09-2012");
Line Deleted : user_pref("aol_toolbar.search.instd", "20120904211325822");
Line Deleted : user_pref("aol_toolbar.search.oid", "04-09-2012");
Line Deleted : user_pref("aol_toolbar.search.placement", "right");
Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Line Deleted : user_pref("aol_toolbar.search.source", "tb50-ff-adknowledgeaol");
Line Deleted : user_pref("aol_toolbar.skin.custom", false);
Line Deleted : user_pref("aol_toolbar.surf.date", "21");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "6");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "8");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Deleted : user_pref("aol_toolbar.surf.month", "55");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Deleted : user_pref("aol_toolbar.surf.total", "57");
Line Deleted : user_pref("aol_toolbar.surf.week", "23");
Line Deleted : user_pref("aol_toolbar.surf.year", "55");
Line Deleted : user_pref("aol_toolbar.ticker.active", false);
Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("aol_toolbar.weather.degc", "26");
Line Deleted : user_pref("aol_toolbar.weather.degf", "78");
Line Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/26.png");
Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Line Deleted : user_pref("aol_toolbar.weather.metric", true);
Line Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Cloudy");
Line Deleted : user_pref("aol_toolbar.weather.update", "1346937948342");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=17425&tt=3612_2&babsrc=NT_def");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.helpmefindyour.info/?pid=658&r=2013/04/14&hid=3147082474&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.helpmefindyour.info/?pid=658&r=2013/04/14&hid=3147082474&lg=EN&cc=US");
Line Deleted : user_pref("extensions.crossrider.bic", "139933342180f4aee37046dc6b7e46c5");
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.DNSCatch", false);
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.FirstLaunchShown", true);
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.LastDate", 6);
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.customNewTab", false);
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.processAddrBar", false);
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.tb_lang", "en");
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.user_id", "72859495");
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.yahooSearch", false);
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ppukbi2m.default-1346938413303\prefs.js ]
 
Line Deleted : user_pref("extensions.iK9L8jZ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == window.[...]
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [16916 octets] - [03/11/2013 16:49:46]
AdwCleaner[S0].txt - [16524 octets] - [03/11/2013 16:54:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16585 octets] ##########
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 11/03/2013 at 17:01:46.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\big fish"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\social privacy"
Successfully deleted: [Folder] "C:\bigfishcache"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ke3qki42.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ke3qki42.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ppukbi2m.default-1346938413303\minidumps [13 files]
 
 
 
~~~ Chrome
 
Failed to delete: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/03/2013 at 17:10:14.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Looks like it's gonna be a bit longer for the other one, but it's already found 4 threats. I await further instructions ... 
~Ky


#5 bloggingky


Posted 03 November 2013 - 07:40 PM

Holy cow, an hour and 15 minutes, not even halfway thru yet, but 36 viruses so far. Youch!

~Ky



#6 bloggingky


Posted 03 November 2013 - 08:17 PM

Last scan (ESET) finished. 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir Win32/SProtector.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Temp\OCS\ocs_v7d.exe.vir a variant of Win32/DownloadSponsor.A application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MP03P99\psupport_install[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\Offercast2802_MTV_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS10E6.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS227E.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS228E.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS399C.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS401C.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS418E.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS4E89.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS6128.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS70D8.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCS8AC2.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCSA0CD.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCSA60F.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCSA9C6.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCSCB4A.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\OCSE6D6.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Temp\{6B687FBF-3920-4CB5-AE5E-7102B08B5D49}\Addons\assistant_v3.exe multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\9bb9c4e-58d7b19e a variant of Java/JShrink.A application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-110e41f6 a variant of Java/JShrink.A application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-4fce9dca a variant of Java/JShrink.A application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-7f74eac6 a variant of Java/JShrink.A application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\ArcadeFrontierGames(1).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Owner\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Owner\Downloads\PandaCloudAntivirus_v2.1.exe a variant of Win32/DownloadSponsor.A application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\PhotoScape_V3.6.3.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Setup (1).exe a variant of Win32/AdWare.iBryte.I.gen application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Setup (2).exe a variant of Win32/AdWare.iBryte.I.gen application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\SoftonicDownloader_for_golden-hearts-juice-bar-game.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
 
I await further instructions ... thank you in advance!!
~Ky


#7 boopme


Posted 03 November 2013 - 08:33 PM

Hi KY ... do this and let me know if you are still redirecting.

Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.

Reboot your system to complete the process.

Your infections are mostly ad and spyware, nothing super serious.

EDIT... do you like AVG, or do you want another free one, as yours is outdated?

Edited by boopme, 03 November 2013 - 08:38 PM.


#8 bloggingky


Posted 03 November 2013 - 09:18 PM

IMO the free AVG is next to worthless but every time I go looking for free anti-virus they're at the top of the list, so I end up installing them. Okay, following the next step now .... 



#9 boopme


Posted 03 November 2013 - 09:32 PM

OK, let's see about that after this.

#10 bloggingky


Posted 03 November 2013 - 10:40 PM

All done and no longer redirecting. Which, if any, of these downloads would you suggest I keep and use on a regular basis? And, do you suggest an alternative to AVG?

Thank you so much for your help!!!!!

~Ky



#11 bloggingky


Posted 03 November 2013 - 11:11 PM

Is there any reason that what we've done has changed settings somewhere? I'm not getting the Run as Administrator on some programs, but I used to have it.

Any ideas? 

~Ky



#12 boopme


Posted 04 November 2013 - 11:41 AM

Hi, that's good!
 
I like this one. Only downside is the once-a-day "buy full version" nag screen.
 
Download Avira Antivir, save to desktop.
Uninstall AVG thru Control Panel
Reboot
Install Avira, update and scan.
 
 
"I'm not getting the Run as Administrator on some programs"
Possibly the result of the malware changing a file.
 
If you want to reset ... Run Windows Repair (All In One)
Click boxes 01,02,03, 09,13 and 25



