
redirect virus help


40 replies to this topic

#1 SacSurge


Posted 06 February 2014 - 08:07 AM

My stepdaughter dropped off her win 8 laptop last night and said she is redirected when browsing and her machine is unstable. My problem is I'm still windows XP for a few more weeks and not familiar with win 8 yet. I'm decent with computers and can follow instructions pretty well so I hope I can fix this for her and learn win 8 as I prepare to purchase a new system for myself. Can you guys help? What information do you want me to post first? Windows defender is running a full scan right now and it says PC status: Potentially unprotected

 

Thanks,

Larry




 


#2 boopme


Posted 06 February 2014 - 10:50 AM

Hello SacSurge.

What browser are you using?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 SacSurge


Posted 06 February 2014 - 10:58 AM

I think she uses IE but I saw Chrome and Firefox installed too. Her battery died during scan so I have her bringing her power cord over and will ask what she was using as default. I'm off to work a half day and then will work on your list of things to do and report back. Thanks so much!!



#4 boopme


Posted 06 February 2014 - 01:07 PM

OK

#5 SacSurge


Posted 06 February 2014 - 09:02 PM

Well, wasn't easy but I got the mini toolbox and adware remover downloaded to her desktop so far. It's not really redirecting, it just opens other sites. I could not figure out how to download TDSSKiller though as I kept getting the Kaspersky store. Anyway I will go work on the junkware and eset scanner install now. You want me to run those 2 I have first or get them all downloaded and run and posted together? What am I doing wrong in regards to the TDSSKiller or was that a redirect?


Edited by SacSurge, 06 February 2014 - 09:03 PM.


#6 boopme


Posted 06 February 2014 - 09:05 PM

You can post as you get them..

This is BC direct d'load, you were redirected
http://www.bleepingcomputer.com/download/tdsskiller/

All the tools but ESET can be found here.
http://www.bleepingcomputer.com/download/windows/

Edited by boopme, 06 February 2014 - 09:07 PM.


#7 SacSurge


Posted 06 February 2014 - 09:53 PM

Grr! How do I get the file to copy or post? I have result.txt on my desktop but can't copy and paste. Going to run the others now..



#8 boopme


Posted 06 February 2014 - 10:06 PM

Can you PM it to me?



#9 SacSurge


Posted 06 February 2014 - 10:28 PM

Do I just highlight all text and use CNTRL C and then CNTRL V? I just tried to post the TDSSkiller which found 3 suspicious but it would not post either. Frustrating for sure..I'm back on my machine. Geez, XP is much easier to use.



#10 SacSurge


Posted 06 February 2014 - 10:52 PM

Do I just highlight all text and use CNTRL C and then CNTRL V? I just tried to post the TDSSkiller which found 3 suspicious but it would not post either. Frustrating for sure..I'm back on my machine. Geez, XP is much easier to use.

 

OK, It appears I got 3 PM's sent - Minitoolbox, Adware and TDSSkiller reports..



#11 boopme


Posted 06 February 2014 - 10:53 PM

MiniToolBox by Farbar Version: 23-01-2014
Ran by Asus8 (administrator) on 06-02-2014 at 18:34:18
Running from "C:\Users\Asus8\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Asus
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 1E-71-D9-55-2D-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
Physical Address. . . . . . . . . : 6C-71-D9-55-2D-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : 74-D0-2B-24-7A-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d97:9a09:22d5:c59e%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 6, 2014 8:49:04 AM
Lease Expires . . . . . . . . . . : Friday, February 7, 2014 6:10:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 259313707
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D5-A4-2D-74-D0-2B-24-7A-4A
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3085:3ab7:3f57:fef9(Preferred)
Link-local IPv6 Address . . . . . : fe80::3085:3ab7:3f57:fef9%8(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D5-A4-2D-74-D0-2B-24-7A-4A
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{47F323F3-094F-44FA-B48A-E6C57FF297C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4010:801::1009
74.125.239.35
74.125.239.41
74.125.239.37
74.125.239.38
74.125.239.46
74.125.239.40
74.125.239.39
74.125.239.36
74.125.239.32
74.125.239.33
74.125.239.34


Pinging google.com [74.125.239.37] with 32 bytes of data:
Reply from 74.125.239.37: bytes=32 time=35ms TTL=54
Reply from 74.125.239.37: bytes=32 time=45ms TTL=54

Ping statistics for 74.125.239.37:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 45ms, Average = 40ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=95ms TTL=45
Reply from 206.190.36.45: bytes=32 time=76ms TTL=45

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 76ms, Maximum = 95ms, Average = 85ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...1e 71 d9 55 2d 1f ......Microsoft Wi-Fi Direct Virtual Adapter
4...6c 71 d9 55 2d 1f ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
2...74 d0 2b 24 7a 4a ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 306 ::/0 On-link
1 306 ::1/128 On-link
8 306 2001::/32 On-link
8 306 2001:0:9d38:6ab8:3085:3ab7:3f57:fef9/128
On-link
2 276 fe80::/64 On-link
8 306 fe80::/64 On-link
2 276 fe80::2d97:9a09:22d5:c59e/128
On-link
8 306 fe80::3085:3ab7:3f57:fef9/128
On-link
1 306 ff00::/8 On-link
2 276 ff00::/8 On-link
8 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2014 06:14:10 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b70

Start Time: 01cf23a9938061df

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 86fed8d6-8f9d-11e3-beec-74d02b247a4a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {FD54C9CB-104D-4E6C-8795-E59C2C9A4429}: Database recovery/restore failed with unexpected error -543.

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {FD54C9CB-104D-4E6C-8795-E59C2C9A4429}: Database C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 58-59 (C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0003A.log - C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 58 (SettingSyncHost0).

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {E1DFAF1D-8255-4159-B105-39217075FFC6}: Database recovery/restore failed with unexpected error -543.

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {E1DFAF1D-8255-4159-B105-39217075FFC6}: Database C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 58-59 (C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0003A.log - C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 58 (SettingSyncHost0).

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {E4452D25-E53E-4A57-B458-78E6B5A10532}: Database recovery/restore failed with unexpected error -543.

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {E4452D25-E53E-4A57-B458-78E6B5A10532}: Database C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 58-59 (C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0003A.log - C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 58 (SettingSyncHost0).

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {F851ACA4-84A7-4885-A7A0-1B7D17BDE644}: Database recovery/restore failed with unexpected error -543.

Error: (02/06/2014 06:10:20 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {F851ACA4-84A7-4885-A7A0-1B7D17BDE644}: Database C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 58-59 (C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0003A.log - C:\Users\Asus8\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 58 (SettingSyncHost0).

Error: (02/06/2014 06:09:04 PM) (Source: ESENT) (User: )
Description: SettingSyncHost (4248) {AD7860C9-8220-47E8-8715-2F5E4EF68759}: Database recovery/restore failed with unexpected error -543.


System errors:
=============
Error: (02/06/2014 05:06:24 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/06/2014 02:19:12 PM) (Source: DCOM) (User: ASUS)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}AsusAsus8S-1-5-21-3877617437-2729113769-1577702545-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2014 02:18:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2014 08:46:20 AM) (Source: DCOM) (User: ASUS)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}AsusAsus8S-1-5-21-3877617437-2729113769-1577702545-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2014 08:45:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2014 08:42:54 AM) (Source: Service Control Manager) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%1392

Error: (02/06/2014 08:42:54 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1392

Error: (02/06/2014 08:42:54 AM) (Source: Service Control Manager) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1392

Error: (02/06/2014 08:42:48 AM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1500) while initializing logging resources for channel System.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ASUS VivoBook (Version: 1.0.26)
??? (Version: 16.4.3505.0912)
???? (Version: 16.4.3505.0912)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Alcor Micro USB Card Reader (Version: 3.9.145.62246)
ASUS Instant Connect (Version: 1.2.8)
ASUS InstantOn (Version: 3.0.5)
ASUS LifeFrame3 (Version: 3.1.5)
ASUS Power4Gear Hybrid (Version: 2.1.7)
ASUS S Series Product Demo (Version: 1.0.0)
ASUS Screen Saver (Version: 1.0.0)
ASUS Smart Gesture (Version: 1.0.36)
ASUS Splendid Video Enhancement Technology (Version: 2.01.0002)
ASUS Tutor (Version: 1.0.8)
ASUS USB Charger Plus (Version: 2.1.4)
ASUS WebStorage Sync Agent (Version: 1.1.10.123)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.7)
ATK Package (Version: 1.0.0026)
D3DX10 (Version: 15.4.2368.0902)
ddeala4me
DesktopWeatherAlerts (Version: 1.0.13.0)
ExpressCache (Version: 1.0.86)
Galería de fotos (Version: 16.4.3505.0912)
Galerie de photos (Version: 16.4.3505.0912)
GigaClicks Crawler (Version: 3.0.31.0)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.22.3)
IMVU Inc Toolbar for IE (Version: 6.17.1.25)
Intel® Dynamic Platform and Thermal Framework (Version: 6.0.6.1082)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 10.18.10.3308)
Intel® Rapid Start Technology (Version: 2.1.0.1002)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Linksicle (Version: 1.8.2.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 15.0.4420.1017)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (Version: 2.0)
Optimizer Pro v3.2
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
Platform (Version: 1.39)
Plus-HD-1.2 (Version: 1.33.153.1)
Qualcomm Atheros Client Installation Program (Version: 10.0)
ScorpionSaver (Version: 1.0.0.0)
Search Protect (Version: 2.9.65.0)
Shared C Run-time for x64 (Version: 10.0.0)
ShopAtHome.com Helper (Version: 7.2.0.12)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager (Version: 1.39)
Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153) (Version: 11/09/2012 1.0.0.153)
Windows Live (Version: 16.4.3505.0912)
Windows Live ??? (Version: 16.4.3505.0912)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinFlash (Version: 2.41.1)

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 3981.7 MB
Available physical RAM: 1306.06 MB
Total Pagefile: 7437.7 MB
Available Pagefile: 4178.86 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.87 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:155.05 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:257.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ASUS

Administrator Asus8 Guest


**** End of log ****
 


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#12 boopme


Posted 06 February 2014 - 10:55 PM

Seems the end of the TDSS log was cut off... Can you send me the last part again, where it says what was found? Like the last 20 lines.



#13 boopme


Posted 06 February 2014 - 10:56 PM

# AdwCleaner v3.018 - Report created 06/02/2014 at 19:43:05
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Asus8 - ASUS
# Running from : C:\Users\Asus8\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : lssvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Linksicle
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Plus-HD-1.2
Folder Deleted : C:\Program Files (x86)\IMVU_Inc
Folder Deleted : C:\WINDOWS\SysWOW64\Searchprotect
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Users\Asus8\AppData\Local\Conduit
Folder Deleted : C:\Users\Asus8\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Asus8\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Asus8\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Asus8\AppData\LocalLow\Plus-HD-1.2
Folder Deleted : C:\Users\Asus8\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Asus8\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Asus8\Documents\optimizer pro
Folder Deleted : C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f156
56d80ab7.com
Folder Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa
Folder Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif
File Deleted : C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\user.js
File Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fbtemplate.conduitapps.com_0.localstorage
File Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fbtemplate.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Asus8\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\Plus-HD-1.2-chromeinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\Plus-HD-1.2-chromeinstaller
File Deleted : C:\WINDOWS\Tasks\Plus-HD-1.2-codedownloader.job
File Deleted : C:\WINDOWS\System32\Tasks\Plus-HD-1.2-codedownloader
File Deleted : C:\WINDOWS\Tasks\Plus-HD-1.2-enabler.job
File Deleted : C:\WINDOWS\System32\Tasks\Plus-HD-1.2-enabler
File Deleted : C:\WINDOWS\Tasks\Plus-HD-1.2-firefoxinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\Plus-HD-1.2-firefoxinstaller
File Deleted : C:\WINDOWS\Tasks\Plus-HD-1.2-updater.job
File Deleted : C:\WINDOWS\System32\Tasks\Plus-HD-1.2-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126655}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124455}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121155}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7795C149-0058-4E8C-8663-490E870D577C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82E1BFBF-DFB8-44B6-BAA4-A41A7089DC02}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125555}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126655}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.2
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Plus-HD-1.2
Key Deleted : HKLM\Software\IMVU_Inc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.2
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP6ABB7728-AEB5-4B78-829B-65F427EB4DED");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP6ABB7728-AEB5-4B78-829B-65F427EB4DED&SSPV=");
Line Deleted : user_pref("extensions.5iVBZQhRAer.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3

#14 boopme


Posted 06 February 2014 - 10:57 PM

Looking better already.

#15 SacSurge


Posted 06 February 2014 - 11:17 PM

Looking better already.

 

Yes, I notice conduit is gone now when I open IE and sites aren't opening. I will jump back on this in the morning.

 

Thanks so much!!





