
Getting rid of QVO6


18 replies to this topic

#1 Cynthia39

Cynthia39

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 27 March 2014 - 08:06 PM

Hi,

I'm new to the forum and while I appreciate that there are numerous posts dealing with this hijacker problem, I become confused reading the various posts and hope I can be taken through the process step by step.

I have a Dell laptop running Win7 and use both IE8 and Chrome as browsers. Both are infected with what I assume is QVO6. I get a QVO6 startup to my opening address in the search line and, when going to a secure site, I get the "https" part but it often has a red line through it, which I take to be a warning that the site is not secure.

Where do I start? I have tried a few sites offering to fix the problem but it usually ends up with a charge to be levied somewhere.

Can the problem be fixed without spending money on programs that may or may not work?


Edited by Orange Blossom, 27 March 2014 - 08:18 PM.
Moved to AII from General Security. ~ OB



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:33 PM

Posted 27 March 2014 - 10:51 PM

Hello Cynthia and Welcome -
99% of infections can be removed with Free Tools, and we only use Free tools here.
 

Please download all tools to Desktop and use Copy and Paste when you post logs back here.

Do not use the Quote tab to reply, unless you wish to make a point about a particular post.

Just click in the empty reply box and you can then post your reply.

 

Feel free to ask any questions as we go, as there may be a few bits that you do not always understand.

Take your time, as you only need to post one log at a time .........

 

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so, or Temporarily Disable Your Anti-virus.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Next -

* Please download and run RKill by Grinler to Desktop.

* Double click on the icon to run it.

* Vista/Windows 7/8 users right-click and select Run As Administrator.
* A black DOS box will briefly flash and then disappear.
* This is normal and indicates the tool ran successfully.

* Please copy and paste the result text back here.

 

 

Now:

* Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
* If you see any which you do not want removed, remove the check mark next to it. 

* If you are not sure of what to remove, please post the [R0].txt log here for review.

* Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be closed so that the infections can be removed.
* Click on OK, and then OK again to confirm the reboot.
* When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
* Please copy and paste this log in your next post.

* A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)

- Do not accept the free offer for the Pro Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.
To remove all "found items" you can follow the steps in this Malwarebytes illustrated blog post:
http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/

 

Last -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<== Full Directions Here (only post the link back here)

 

 

We will review these logs and then continue after this -



#3 Cynthia39


Posted 27 March 2014 - 11:14 PM

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 PC Cleaner v3.2   
 JavaFX 2.1.1    
 Java™ 6 Update 22  
 Java 7 Update 51  
 Adobe Reader XI  
 Mozilla Thunderbird (24.4.0) 
 Google Chrome 32.0.1700.76  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Common Files Microsoft Shared Windows Live AvastSvc.exe -?- 
 Common Files Microsoft Shared Windows Live AvastUI.exe -?- 
 Firetrust MailWasher MailWasher.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 


#4 Cynthia39


Posted 27 March 2014 - 11:31 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Cynthia (administrator) on 28-03-2014 at 15:29:15
Running from "C:\Users\Cynthia\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Dell Wireless 1701 802.11b/g/n = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?!) subinterface=ethernet_6 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Cynthia-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.gateway
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 64-27-37-E6-B3-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home.gateway
   Description . . . . . . . . . . . : Dell Wireless 1701 802.11b/g/n
   Physical Address. . . . . . . . . : 64-27-37-E6-B3-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c088:736e:7761:6ec8%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 26 March 2014 8:41:55 AM
   Lease Expires . . . . . . . . . . : Saturday, 29 March 2014 3:13:24 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 375662391
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-0C-EA-4A-24-B6-FD-3C-4B-04
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 24-B6-FD-3C-4B-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 64-27-37-E6-B3-2E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:30e1:3c3e:3557:9423(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::30e1:3c3e:3557:9423%19(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.home.gateway:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home.gateway
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{DA66E203-E613-49C9-8B77-E2B4FCCE02C0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{BC23C3E7-432F-4339-8AD8-2191AE41F75A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{AB94F9C2-478C-43CD-B88A-F25C00DA58DC}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2404:6800:4006:803::100e
 74.125.237.101
 74.125.237.100
 74.125.237.104
 74.125.237.110
 74.125.237.105
 74.125.237.96
 74.125.237.103
 74.125.237.97
 74.125.237.102
 74.125.237.99
 74.125.237.98
 
 
Pinging google.com [74.125.237.98] with 32 bytes of data:
Reply from 74.125.237.98: bytes=32 time=15ms TTL=56
Reply from 74.125.237.98: bytes=32 time=24ms TTL=56
 
Ping statistics for 74.125.237.98:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 24ms, Average = 19ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=257ms TTL=49
Reply from 98.138.253.109: bytes=32 time=256ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 256ms, Maximum = 257ms, Average = 256ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...64 27 37 e6 b3 2d ......Microsoft Virtual WiFi Miniport Adapter
 15...64 27 37 e6 b3 2d ......Dell Wireless 1701 802.11b/g/n
 13...24 b6 fd 3c 4b 04 ......Realtek PCIe FE Family Controller
 12...64 27 37 e6 b3 2e ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.3     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    286
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 19     58 2001::/32                On-link
 19    306 2001:0:9d38:6ab8:30e1:3c3e:3557:9423/128
                                    On-link
 15    286 fe80::/64                On-link
 19    306 fe80::/64                On-link
 19    306 fe80::30e1:3c3e:3557:9423/128
                                    On-link
 15    286 fe80::c088:736e:7761:6ec8/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    306 ff00::/8                 On-link
 15    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/28/2014 10:22:18 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/26/2014 08:54:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/25/2014 07:03:15 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (03/22/2014 08:07:59 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (03/20/2014 03:00:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/20/2014 03:00:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x0000000000004e03
Faulting process id: 0x934
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (03/19/2014 06:21:19 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/16/2014 11:15:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/16/2014 10:44:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/16/2014 10:05:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/20/2014 03:00:35 AM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/18/2014 01:14:52 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DREW-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0F485E4-7F59-4CC4-B04C-056AEF5BC1C7}.
The master browser is stopping or an election is being forced.
 
Error: (03/18/2014 08:03:41 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DREW-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0F485E4-7F59-4CC4-B04C-056AEF5BC1C7}.
The master browser is stopping or an election is being forced.
 
Error: (03/15/2014 08:12:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (03/14/2014 10:04:21 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
Error: (03/14/2014 03:23:52 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (03/14/2014 03:20:22 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
Error: (03/12/2014 08:20:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/12/2014 08:20:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/12/2014 08:20:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Microsoft Office Sessions:
=========================
Error: (03/28/2014 10:22:18 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
 
Error: (03/26/2014 08:54:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
 
Error: (03/25/2014 07:03:15 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (03/22/2014 08:07:59 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (03/20/2014 03:00:54 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
 
Error: (03/20/2014 03:00:24 AM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000004e0393401cf40a84c0f0fd3C:\windows\system32\svchost.exec:\windows\system32\sysmain.dll946f517e-af7f-11e3-97df-642737e6b32e
 
Error: (03/19/2014 06:21:19 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
 
Error: (03/16/2014 11:15:39 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary djdhpdwf.
 
System Error:
The system cannot find the file specified.
 
Error: (03/16/2014 10:44:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/16/2014 10:05:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 4004.27 MB
Available physical RAM: 1522.39 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 4001.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.89 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:355.9 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CYNTHIA-PC
 
Administrator            Cynthia                  Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 


#5 Cynthia39


Posted 27 March 2014 - 11:38 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/28/2014 03:36:18 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/28/2014 03:37:27 PM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)
 


#6 noknojon


Posted 27 March 2014 - 11:53 PM

Sorry - My error -

Download MiniToolBox, Save it to your desktop and run it. (it should still be there)
* Only select List Installed Programs

 

Copy and Paste those items back here -


Edited by noknojon, 27 March 2014 - 11:55 PM.


#7 Cynthia39


Posted 28 March 2014 - 12:10 AM

# AdwCleaner v3.022 - Report created 28/03/2014 at 15:40:35
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cynthia - CYNTHIA-PC
# Running from : C:\Users\Cynthia\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : bonanzadealslivem

***** [ Files / Folders ] *****

File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
File Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
File Found : C:\Users\Cynthia\Desktop\Optimizer Pro.lnk
File Found : C:\windows\System32\Tasks\BitGuard
File Found : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
File Found : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
File Found : C:\windows\System32\Tasks\SpyHunter4Startup
File Found : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
File Found : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Folder Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Folder Found : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Found C:\Program Files (x86)\A_Free_Ride_Games_Bar
Folder Found C:\Program Files (x86)\BonanzaDeals
Folder Found C:\Program Files (x86)\BonanzaDealsLive
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Deal Spy
Folder Found C:\Program Files (x86)\File Type Assistant
Folder Found C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found C:\Program Files (x86)\Free Ride Games
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Optimizer Pro
Folder Found C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Found C:\Program Files (x86)\WebConnect
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BonanzaDealsLive
Folder Found C:\ProgramData\eSafe
Folder Found C:\ProgramData\Free Ride Games
Folder Found C:\ProgramData\KingCCoUUpon
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found C:\Users\Cynthia\AppData\Local\BonanzaDealsLive
Folder Found C:\Users\Cynthia\AppData\Local\Conduit
Folder Found C:\Users\Cynthia\AppData\Local\Deal Spy
Folder Found C:\Users\Cynthia\AppData\Local\FileTypeAssistant
Folder Found C:\Users\Cynthia\AppData\Local\genienext
Folder Found C:\Users\Cynthia\AppData\Local\Mobogenie
Folder Found C:\Users\Cynthia\AppData\Local\Temp\eIntaller
Folder Found C:\Users\Cynthia\AppData\LocalLow\A_Free_Ride_Games_Bar
Folder Found C:\Users\Cynthia\AppData\LocalLow\Conduit
Folder Found C:\Users\Cynthia\AppData\LocalLow\mixidj
Folder Found C:\Users\Cynthia\AppData\LocalLow\PriceGong
Folder Found C:\Users\Cynthia\AppData\Roaming\Babylon
Folder Found C:\Users\Cynthia\AppData\Roaming\eUpdate
Folder Found C:\Users\Cynthia\AppData\Roaming\file scout
Folder Found C:\Users\Cynthia\AppData\Roaming\iWin
Folder Found C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Found C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\Users\Cynthia\AppData\Roaming\newnext.me
Folder Found C:\Users\Cynthia\AppData\Roaming\Optimizer Pro
Folder Found C:\Users\Cynthia\Documents\Mobogenie
Folder Found C:\Users\Cynthia\Documents\Optimizer Pro

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\Desktop\SHORTCUTS\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
Shortcut Found : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Key Found : HKCU\Software\5c55da8cbc3ab845
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\A_Free_Ride_Games_Bar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Deal Spy
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BonanzaDealsLive
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Vittalia
Key Found : HKCU\Software\WebConnect
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\BonanzaDealsLive
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Vittalia
Key Found : [x64] HKCU\Software\WebConnect
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Found : HKLM\Software\A_Free_Ride_Games_Bar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BonanzaDealsLive
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222622276}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026276.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026276.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026276.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026276.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244624476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Deal Spy
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211621176}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211621176}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5913F52F-720B-4878-A734-D81D6D8C1CA8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77A5B145-8650-4ED1-990D-21674C70CACD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D110574-046A-43BB-A64C-4219E6A097DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A_Free_Ride_Games_Bar Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Key Found : HKLM\Software\qvo6Software
Key Found : HKLM\Software\TotalRecipeSearch_14EI
Key Found : HKLM\Software\Vittalia
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F92A9FE4-2850-4198-B9D5-279880E49B16}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F92A9FE4-2850-4198-B9D5-279880E49B16}]
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1380232746
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1380232746

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [21586 octets] - [28/03/2014 15:40:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21647 octets] ##########



#8 Cynthia39


Posted 28 March 2014 - 12:12 AM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Cynthia (administrator) on 28-03-2014 at 16:11:12
Running from "C:\Users\Cynthia\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
=========================== Installed Programs ============================
 
3D Mahjong Deluxe (Version: 2.2.0.98)
7 Sticky Notes
A Free Ride Games Bar Toolbar (Version: 6.8.9.0)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Advanced Audio FX Engine (Version: 1.12.05)
Alice and the Magic Gardens (Version: 2.2.0.98)
Amazing Pyramids (Version: 2.2.0.110)
Atlantis Trilogy Bundle (Version: 2.2.0.110)
avast! Free Antivirus (Version: 9.0.2013)
avast! Free Antivirus Free Download Packages
Barn Yarn Collector's Edition (Version: 3.0.2.48)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 7.3.124.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bounce Symphony (Version: 2.2.0.95)
Brother's Keeper 6.5
Build-a-lot 2 (Version: 2.2.0.95)
Build-a-lot Fairy Tales (Version: 2.2.0.110)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
City of Fools (Version: 2.2.0.110)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Curse at Twilight (Version: 3.0.2.32)
CutePDF Writer 2.7
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.6.225.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Product Registration (Version: 1.1.3)
Dell Stage (Version: 1.7.209.0)
Dell Stage Remote (Version: 2.0.0.43)
Dell Touchpad (Version: 7.1207.101.225)
Dell VideoStage  (Version: 1.3.0.2214)
Dell Webcam Central (Version: 2.00.44)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DirectX 9 Runtime (Version: 1.00.0000)
Dora's World Adventure (Version: 2.2.0.95)
DW WLAN Card (Version: 5.100.82.88)
Eastville Chronicles: The Drama Queen Murder (Version: 3.0.2.32)
eBay (Version: 1.4.0)
Efficient Lady's Organizer Free 3.10
Escape Whisper Valley ™ (Version: 2.2.0.95)
Euxerauunnerr
Farm Frenzy (Version: 2.2.0.95)
FarmQuest (Version: 3.0.2.32)
FATE (Version: 2.2.0.95)
File Type Assistant
Final Drive Fury (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Free Ride Games Player
Frozen Kingdom (Version: 3.0.2.32)
Garden Rescue (Version: 2.2.0.110)
Ghost Whisperer (Version: 3.0.2.32)
Google Chrome (Version: 33.0.1750.146)
Google Drive (Version: 1.13.5782.599)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.5)
Google+ Auto Backup (Version: 1.0.21.81)
IDT Audio (Version: 1.0.6341.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2342)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
IrfanView (remove only) (Version: 4.37)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
JDVoiceMail 2.53 (Version: 2.53)
Jewel Quest (Version: 2.2.0.95)
Jewel Quest Mysteries (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
KingCCoUUpon
Luxor (Version: 2.2.0.95)
Luxor Amun Rising HD (Version: 3.0.2.32)
MailWasher (Version: 1.20.0)
MailWasher (Version: 7.3.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Monopoly® (Version: 3.0.2.32)
Mozilla Maintenance Service (Version: 24.4.0)
Mozilla Thunderbird 24.4.0 (x86 en-US) (Version: 24.4.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.5.6426.22)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Blu-ray Player (Version: 12.0.20030)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.20500.9.16)
Nero Update (Version: 11.0.11800.31.0)
Office Suite X 3.3 (Version: 3.3.9567)
Optimizer Pro v3.2
Paris Mahjong (Version: 2.2.0.110)
PC Cleaner v3.2 (Version: 3.2)
Penguins! (Version: 2.2.0.95)
PhotoShowExpress (Version: 2.0.063)
Picasa 3 (Version: 3.9)
Picasa Free Download Packages
PIXresizer (Version: 2.0.5)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Qlock Pro
Quickset64 (Version: 10.09.25)
Qvo 6 Virus Removal Tool (Version: build_1.0.0.100_rev_%SVNRevision%_date_%CompileDateTime%)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30126)
Rome and Egypt (Version: 2.2.0.110)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
saaFErrweB
Safari Quest (Version: 2.2.0.110)
Samantha Swift (Version: 2.2.0.95)
SauverProu
SavearAdadOn
Sisters Secrecy: Arcanum Bloodlines Premium Edition (Version: 2.2.0.110)
Skype Click to Call (Version: 7.1.15383.6004)
Skype Free Download Packages
Skype™ 6.14 (Version: 6.14.104)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spooky Mall (Version: 2.2.0.110)
SpyHunter (Version: 4.17.6.4336)
Super Collapse Puzzle Gallery 2 (Version: 2.2.0.98)
SyncUP (Version: 1.12.12400.17.102)
SyncUP (Version: 10.2.16100)
The Sea App (Internet Explorer) 
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VoiceMaster 2.0.0.155
WebConnect 3.0.0 (Version: 3.0.0)
Wedding Dash - Ready, Aim, Love! (Version: 2.2.0.95)
WIDCOMM Bluetooth Software (Version: 6.3.0.7600)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (Dell Games) (Version: 4.0.10.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wisdom-soft ScreenHunter 6.0 Free
Yahoo! Software Update
Yahoo!7 Toolbar
Zinio Reader 4 (Version: 4.2.4164)
Zuma Deluxe (Version: 2.2.0.95)
 
**** End of log ****
 


#9 noknojon


Posted 28 March 2014 - 12:38 AM

Hi -

There is quite a bit there, so I will try and break it up for you.

 

 

Win7 and use both IE8 and Chrome as browsers.

Please note that you run I.E.11 and Google Chrome 33.0 as your browsers.

 

 

 

From AdwCleaner scan => Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9500325AS_5VERE218XXXX5VERE218&ts=1378849157 )
 

The program is mentioned several times in the Uninstall list, so I would reopen the program and hit Clean.

BonanzaDealsLiveUpdate - A_Free_Ride_Games_Bar - Babylon <= are all programs to remove.
You do have A Free Ride Games Bar Toolbar installed, but it is another add-on.

 

Do you notice any programs in the list that you would like to keep??

 

I would prefer to remove all of them. If there is any minor add-on, you can reinstall it after we finish cleaning.

 

 

 

Please go - Start > Control Panel > Programs and Features, and uninstall these programs

SpyHunter by Enigma Software (it will not work)
PC Cleaner v3.2   <= Very bad, and was installed with another download
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Java™ 6 Update 22  <= Outdated versions should always be removed.

 

 

 

Superfetch service terminated unexpectedly (Error)
Follow these steps:
a.  Click “Start Orb”
b.  Type “services.msc” in the Start search box and hit “Enter.”
c.  Scroll down and look for "Superfetch" under the “Name” column.
d.  Right-click “Superfetch” and click “Properties.”
e.  In the “Startup type” list, select “Automatic.”
f.   Click “Start” to start the service.
g.  Click “Apply” and click “OK.”

 

 

 

Open Internet Explorer > Tools (at the top) > Down to Internet Options > Check your Home Page has not been altered from what you normally use.



#10 noknojon


Posted 28 March 2014 - 01:31 AM

Qvo 6 Virus Removal Tool will also be listed as part of SpyHunter

So we do need to remove both of these programs ........



#11 Cynthia39


Posted 28 March 2014 - 01:56 AM

Hello again N,

I seem to be constantly interrupting myself. I was in the process of replying to your last-but-one post when I decided to remove the old version of Malwarebytes and of course it required a reboot.

I carried out the procedures you outlined and removed the programs listed (as well as the QVO removal tool).

I checked IE for start page and it is listed as www.google.com.au. The QVO6 startup page seems to have disappeared from IE6 (haven't checked Chrome yet).

I will now download current version of MBAM and run a scan. Then I will try to figure out how to post a "speccy" photo.

 

thank you



#12 noknojon


Posted 28 March 2014 - 02:25 AM

Thanks for your updates.

 

If you slowly read the link for Speccy, you will see that it is simple.

 

Some of this is just to check the condition of your computer as well as removal of infections.



#13 Cynthia39


Posted 28 March 2014 - 03:11 AM

I have just downloaded the latest, updated version of MBAM and run a scan.

It listed many PUPs; however, I cannot see an option to delete.

Each listed item is shown as "quarantine" with (drop down) options as "add exclusion" or "ignore once", with the main option being Quarantine All.

Anyway, I have just located the SO.txt file and will post that separately

 

thank you



#14 Cynthia39


Posted 28 March 2014 - 03:13 AM

This is the SO.txt file, for what it is worth

 

# AdwCleaner v3.022 - Report created 28/03/2014 at 16:41:02
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cynthia - CYNTHIA-PC
# Running from : C:\Users\Cynthia\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : 70e6ca8c
[#] Service Deleted : bonanzadealslivem
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\KingCCoUUpon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Deleted : C:\Program Files (x86)\WebConnect
Folder Deleted : C:\Program Files (x86)\Deal Spy
Folder Deleted : C:\Program Files (x86)\A_Free_Ride_Games_Bar
Folder Deleted : C:\Users\Cynthia\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\Cynthia\AppData\Local\Conduit
Folder Deleted : C:\Users\Cynthia\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Cynthia\AppData\Local\genienext
Folder Deleted : C:\Users\Cynthia\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Cynthia\AppData\Local\Deal Spy
Folder Deleted : C:\Users\Cynthia\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Cynthia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cynthia\AppData\LocalLow\mixidj
Folder Deleted : C:\Users\Cynthia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cynthia\AppData\LocalLow\A_Free_Ride_Games_Bar
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\eUpdate
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\file scout
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\iWin
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Cynthia\Documents\Mobogenie
Folder Deleted : C:\Users\Cynthia\Documents\Optimizer Pro
Folder Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Folder Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
File Deleted : C:\Users\Cynthia\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
File Deleted : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\BitGuard
File Deleted : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
File Deleted : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
File Deleted : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
File Deleted : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
File Deleted : C:\windows\System32\Tasks\SpyHunter4Startup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Cynthia\Desktop\SHORTCUTS\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026276.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026276.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026276.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026276.Sandbox.1
Key Deleted : HKCU\Software\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASMANCS
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\WebConnect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Deal Spy
Key Deleted : HKCU\Software\AppDataLow\Software\A_Free_Ride_Games_Bar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Deal Spy
Key Deleted : HKLM\Software\A_Free_Ride_Games_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A_Free_Ride_Games_Bar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [21848 octets] - [28/03/2014 15:40:35]
AdwCleaner[S0].txt - [19976 octets] - [28/03/2014 16:41:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20037 octets] ##########


#15 Cynthia39

Posted 28 March 2014 - 04:14 AM

At this time, I am preparing for a good night's sleep. It appears, after a reboot seconds ago, that the QVO6 pest has gone from both IE and Chrome.

I am deeply indebted to my mentor, Noknojon, at BleepingComputer for all the help and guidance provided in what must be one of the most wearing experiences in my life.

My wife, Cynthia, also thanks you most sincerely. I will try to follow up on the remaining matters of the Speccy shot tomorrow.

 

Cynthia39's husband.





