Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked by surveys/snap.do, redirects, 'video player', fake Adobe etc...


  • This topic is locked This topic is locked
46 replies to this topic

#1 Irisim1

Irisim1

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:17 PM

This is some crazy virus!!

I clicked download this morning on a link in a 'trusted' page (according to WoT). Big mistake!

It first popped up requesting to update adobe flash player, but I realized it was fake too late. then there was a program that offered to 'protect' me, for a fee of course. I don't remember it's name because I immediately removed the program. Then 'snap.do' took over my browser and it took me another 10 minutes to remove it from the computer, or so I thought. It is still lingering behind the scenes. I am repeatedly redirected to 'surveys' and 'update' sites and they each wear different looks. I was on ebay so it looked like an ebay page, later I was on another page I can't recall right now and it took that appearance. I would post screen shots but the problem is that this is a relatively new computer and I didn't get a chance yet to install a picture editing program, so I'm not sure how to do it. I'll try to take a photo with my cell phone and post it as a reply to this post.

I am using windows 8, and Mozilla FF is my browser, but this took over the other browsers as well.

Please help!

Thank you so much!

Iris



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 09:23 PM

Hello iris ... please do these and see how it is after.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:25 PM

there doesn't seem to be a way to add a picture when posting with the phone, but I'll keep trying.

#4 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:30 PM

Hi Boopme!

Thanks for the fast reply!

If I recall correctly, you may have helped me in the past with my old computer?...

I'll do as you recommend and return with a report.

And btw, it may not be related, but I also wasn't able to sign in to the forum with firefox, for some reason, it never was a problem before. I am logged in through IE, it works here.

Iris



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 09:33 PM

Probably malware with Firefox.

If it was me then welcome back.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:42 PM

Thanks Boopme :)

 

Please advice: I took the first step and got the result file, but for some reason I'm not able to paste it here... I clicked copy on the notepad file, and I click paste here but it isn't doing anything... :( ???



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 09:46 PM

Odd ?!?!?

run this and try again

post both RKill and Mini if you can..

If that fails try to PM them to me and I'll post it


Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:48 PM

OK, I'll try that, but just FYI, I'm pretty sure IE is also hijacked, so this may be part of it?? I'll brb.



#9 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:55 PM

Did and did, I sent it to you privately, still not able to paste here.



#10 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 09:57 PM

Should I continue now with step two of your first post? (TDSSkiller)



#11 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 10:06 PM

According to tdsscleaner no threat was found, I'll post the report, but again, I can't paste here, I'll pm you.



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 10:06 PM

Yes move on while
I look at what you sent.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Irisim1

Irisim1
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 19 November 2013 - 10:20 PM

Still not able to post here, will pm you the adwcleaner log



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 10:22 PM

Here's the rkill log:

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/19/2013 09:49:10 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Iris\Desktop\rkill\rkill-11-19-2013-09-49-12.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* AllUserInstallAgent [Missing Service]
* SDRSVC [Missing Service]
* adp94xx [Missing Service]
* adpahci [Missing Service]
* adpu320 [Missing Service]
* arc [Missing Service]
* AsyncMac [Missing Service]
* discache [Missing Service]
* iirsp [Missing Service]
* LSI_SCSI [Missing Service]
* nfrd960 [Missing Service]
* PptpMiniport [Missing Service]
* RasAgileVpn [Missing Service]
* Rasl2tp [Missing Service]
* RasSstp [Missing Service]
* Wanarp [Missing Service]
* Wanarpv6 [Missing Service]
* Wd [Missing Service]
* AppMgmt [Missing Service]
* CSC [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]

* SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
* WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/19/2013 09:49:46 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)



Here's the Minitoolbox log:

MiniToolBox by Farbar Version: 13-07-2013
Ran by Iris (administrator) on 19-11-2013 at 21:35:49
Running from "C:\Users\Iris\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : WINDOWS-19FV8JI
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 60-6C-66-71-A4-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 60-6C-66-71-A4-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 5C-F9-DD-5F-24-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
Physical Address. . . . . . . . . : 60-6C-66-71-A4-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec76:1ffc:bb2f:9839%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 19, 2013 5:33:39 PM
Lease Expires . . . . . . . . . . : Tuesday, November 26, 2013 8:16:02 PM
Default Gateway . . . . . . . . . : fe80::226:5aff:fef7:280%3
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 325086310
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-55-1E-A8-5C-F9-DD-5F-24-DA
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{36FAAB0B-4085-4DE6-B87D-3AD30FDA0E69}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1495:1206:e747:b446(Preferred)
Link-local IPv6 Address . . . . . : fe80::1495:1206:e747:b446%10(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 167772160
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-55-1E-A8-5C-F9-DD-5F-24-DA
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4006:800::1002
173.194.43.35
173.194.43.32
173.194.43.38
173.194.43.36
173.194.43.37
173.194.43.46
173.194.43.33
173.194.43.34
173.194.43.40
173.194.43.39
173.194.43.41


Pinging google.com [173.194.43.41] with 32 bytes of data:
Reply from 173.194.43.41: bytes=32 time=12ms TTL=55
Reply from 173.194.43.41: bytes=32 time=12ms TTL=55

Ping statistics for 173.194.43.41:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
206.190.36.45
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=52ms TTL=52
Reply from 98.139.183.24: bytes=32 time=39ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 52ms, Average = 45ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...60 6c 66 71 a4 45 ......Microsoft Wi-Fi Direct Virtual Adapter
6...60 6c 66 71 a4 48 ......Bluetooth Device (Personal Area Network)
4...5c f9 dd 5f 24 da ......Realtek PCIe FE Family Controller
3...60 6c 66 71 a4 44 ......Intel® Centrino® Wireless-N 2230
1...........................Software Loopback Interface 1
7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 281
192.168.0.101 255.255.255.255 On-link 192.168.0.101 281
192.168.0.255 255.255.255.255 On-link 192.168.0.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 306 ::/0 On-link
3 281 ::/0 fe80::226:5aff:fef7:280
1 306 ::1/128 On-link
10 306 2001::/32 On-link
10 306 2001:0:9d38:90d7:1495:1206:e747:b446/128
On-link
3 281 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::1495:1206:e747:b446/128
On-link
3 281 fe80::ec76:1ffc:bb2f:9839/128
On-link
1 306 ff00::/8 On-link
3 281 ff00::/8 On-link
10 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 06:02:02 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/19/2013 05:55:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x5a4
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 07:57:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1a7c
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (11/18/2013 05:54:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125


System errors:
=============
Error: (11/19/2013 05:56:44 PM) (Source: DCOM) (User: WINDOWS-19FV8JI)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/19/2013 05:56:13 PM) (Source: DCOM) (User: WINDOWS-19FV8JI)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/19/2013 05:41:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/19/2013 05:33:39 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service failed to start due to the following error:
%%2

Error: (11/19/2013 05:33:39 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/19/2013 05:33:39 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/19/2013 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/19/2013 08:49:44 AM) (Source: Service Control Manager) (User: )
Description: The Ask Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/19/2013 08:49:41 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/19/2013 07:31:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (11/19/2013 08:14:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 06:02:02 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)The parameter is incorrect. (0x80070057)

Error: (11/19/2013 05:55:35 PM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f5a401cee57a6a6385e9C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dllb2c4c5b4-516d-11e3-be9b-606c6671a448

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (11/19/2013 10:13:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 07:57:07 AM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f1a7c01cee526d7d23162C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll17c60042-511a-11e3-be9a-606c6671a448

Error: (11/18/2013 05:54:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125


CodeIntegrity Errors:
===================================
Date: 2013-11-19 17:40:00.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:40:00.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:42.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:42.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:41.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:41.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:41.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:41.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:19.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 17:38:19.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.6.0.12)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
CyberLink LabelPrint 2.5 (Version: 2.5.5415a)
CyberLink Media Suite 10 (Version: 10.0.1.1913)
CyberLink Media Suite Essentials (Version: 10.0)
CyberLink Power2Go 8 (Version: 8.0.0.1904)
CyberLink PowerDirector 10 (Version: 10.0.1.1904)
CyberLink PowerDVD 10 (Version: 10.0.4318.52)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery - Support Software (Version: 1.5.0.0)
Dell Backup and Recovery (Version: 1.5.0.0)
Dell Support Center (Version: 3.2.6032.39)
Dell Touchpad (Version: 8.1200.101.209)
Dropbox (Version: 2.0.26)
DSC/AA Factory Installer (Version: 3.2.6032.39)
Epson Event Manager (Version: 2.40.0001)
EPSON Scan
EPSON TX420 NX420 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
Free Video Call Recorder for Skype version 1.1.0.319 (Version: 1.1.0.319)
GoToAssist Corporate (Version: 10.2.0.822)
IDT Audio (Version: 1.0.6418.0)
Intel® Control Center (Version: 1.2.1.1008)
Intel® Processor Graphics (Version: 10.18.10.3316)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.8.0.0548)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.5.0.0248)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249)
Intel® Rapid Storage Technology (Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 3.0.0.63463)
Intel® PROSet/Wireless Software (Version: 15.8.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Killing Floor
Left 4 Dead
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyWordTool (Version: 1)
NVIDIA Control Panel 327.02 (Version: 327.02)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Graphics Driver 327.02 (Version: 327.02)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Optimus 6.4.23 (Version: 6.4.23)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1 (Version: 3.41.9593)
OverDrive Media Console (Version: 3.2.20)
PC Tools Registry Mechanic 11.1 (Version: 11.1)
Photo Gallery (Version: 16.4.3505.0912)
Portal 2
Quickset64 (Version: 11.1.32)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.7 (Version: 6.7.102)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.13.0)
Team Fortress 2
The Walking Dead
TidyNetwork
Tube Dimmer (Version: 2.6.43)
Updater (Version: 2.6.43)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.8 (Version: 2.0.8)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8052.05 MB
Available physical RAM: 5864.37 MB
Total Pagefile: 9332.05 MB
Available Pagefile: 6678.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.11 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:920.73 GB) (Free:829.46 GB) NTFS
2 Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.26 GB) NTFS
3 Drive e: (Stockheim Chor) (CDROM) (Total:3.53 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\WINDOWS-19FV8JI

Administrator Guest Iris
UpdatusUser

Edited by boopme, 19 November 2013 - 10:27 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:11 PM

Posted 19 November 2013 - 10:29 PM

# AdwCleaner v3.012 - Report created 19/11/2013 at 22:11:24
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Iris - WINDOWS-19FV8JI
# Running from : C:\Users\Iris\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Iris\AppData\Local\TidyNetwork
Folder Deleted : C:\Users\Iris\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Iris\Documents\optimizer pro
Folder Deleted : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\urcw5rgr.default\Extensions\tidynetwork@tidynetwork
File Deleted : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\urcw5rgr.default\searchplugins\Web Search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\urcw5rgr.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=5f51f382-c9c8-c57b-42fa-4dad8bbd17c2&searchtype=hp&installDate=19/11/2013");
Line Deleted : user_pref("extensions.dynconff.cache.ap.saatchionline.com.content", "\r\n \r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.en.wikipedia.org.content", "\r\n \r\[...]
Line Deleted : user_pref("extensions.dynconff.cache.landsraad.cc.content", "\r\n \r\n \r\n \[...]
Line Deleted : user_pref("extensions.dynconff.cache.my.ebay.com.content", "\r\n [...]
Line Deleted : user_pref("extensions.dynconff.cache.netflix.trustedoffer.com.content", "\r\n [...]
Line Deleted : user_pref("extensions.dynconff.cache.uplayer.us.com.content", "\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.video.pbs.org.content", "\r\n \r\n <[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.bleepingcomputer.com.content", "\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.ebay.com.content", "\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.myibidder.com.content", "\r\n \r[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.pbs.org.content", "\r\n \r\n \r\n
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users