
Trojan detected... need help


10 replies to this topic

#1 armonismama

  • Members
  • 62 posts

Posted 17 April 2014 - 11:53 AM

Hello,
I need assistance. I am running a scan as I felt my computer was infected, which it is!!!! I am still in the process of running a scan.
I am using Microsoft Security Essentials.
It isn't even 1/4 of the way done scanning and it has already found a Trojan:
Trojan:Win32/Reveton.V
When I go to remove it, I get a pop-up window that states "some of the detected threats couldn't be removed. Access is denied. Error code 0x80070005"

I am already running a scan with Malwarebytes, which is as far along as MSE, and it states that there are already 46 items detected.

If I could PLEASE get some assistance I would greatly appreciate it.

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal



#2 armonismama


Posted 17 April 2014 - 12:10 PM

Thank you, Animal :)



#3 armonismama


Posted 17 April 2014 - 01:48 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Randi :: RANDI-PC [administrator]

4/17/2014 12:32:32 PM
MBAM-log-2014-04-17 (12-44-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239743
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Detected: 2
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager) -> 1268 -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> 1588 -> No action taken.

Memory Modules Detected: 2
C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> No action taken.
C:\Users\Randi\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken.

Registry Keys Detected: 25

Registry Values Detected: 5
HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Data: dpaln -> No action taken.
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\Randi\AppData\Local\GreatArcadeHits\gahff.xpi -> No action taken.
HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Data: C:\Program Files (x86)\DealPly\DealPly.crx -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName (PUP.Optional.Adpeak) -> Data: Level Quality Watcher -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -service -> No action taken.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bad: (http://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com/?type=sc&ts=1386346430&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG) Good: (iexplore.exe) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bad: (http://www.nationzoom.com/web/?type=ds&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bad: (http://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG) Good: (http://www.google.com) -> No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bad: (http://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG) Good: (http://www.google.com) -> No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bad: (http://www.nationzoom.com/web/?type=ds&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG&q={searchTerms}) Good: (http://www.google.com) -> No action taken.

Folders Detected: 17

Files Detected: 114

(end)



#4 myrti

  • Malware Study Hall Admin
  • 33,784 posts

Posted 17 April 2014 - 02:13 PM

Hi armonismama,

Please run AdwCleaner next:
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button... a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 armonismama


Posted 17 April 2014 - 02:19 PM

# AdwCleaner v3.023 - Report created 17/04/2014 at 13:16:57
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Randi - RANDI-PC
# Running from : C:\Users\Randi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIFZK22Q\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\DealPlyUpdate
Folder Found : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\Extensions\addon@dealplyshopping.com
Folder Found : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\Extensions\ScorpionSaver@jetpack
Folder Found C:\Program Files (x86)\Level Quality Watcher
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Optimizer Pro
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\WPM
Folder Found C:\Users\Randi\Documents\Optimizer Pro

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )
Shortcut Found : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\supWPM
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG&q={searchTerms}

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG");
Line Found : user_pref("browser.search.defaultenginename", "nationzoom");
Line Found : user_pref("browser.search.selectedEngine", "nationzoom");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5249 octets] - [17/04/2014 13:16:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5309 octets] ##########



#6 myrti


Posted 17 April 2014 - 02:21 PM

Hi,

OK, let's remove what AdwCleaner found; that should include NationZoom:
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



#7 armonismama


Posted 17 April 2014 - 02:37 PM

# AdwCleaner v3.023 - Report created 17/04/2014 at 13:30:20
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Randi - RANDI-PC
# Running from : C:\Users\Randi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10JIURF5\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Randi\Documents\Optimizer Pro
Folder Deleted : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\Extensions\addon@dealplyshopping.com
Folder Deleted : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\Extensions\ScorpionSaver@jetpack
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Randi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\supWPM
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Randi\AppData\Roaming\Mozilla\Firefox\Profiles\mey0pg4f.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG");
Line Deleted : user_pref("browser.search.defaultenginename", "nationzoom");
Line Deleted : user_pref("browser.search.selectedEngine", "nationzoom");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1386346536&from=tugs&uid=ST9320325AS_5VD060QGXXXX5VD060QG");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Randi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5421 octets] - [17/04/2014 13:16:57]
AdwCleaner[R1].txt - [5481 octets] - [17/04/2014 13:27:57]
AdwCleaner[S0].txt - [4362 octets] - [17/04/2014 13:30:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4422 octets] ##########



#8 armonismama


Posted 17 April 2014 - 02:58 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/17/2014
Scan Time: 1:58:27 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.17.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Randi

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 203109
Time Elapsed: 16 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Adpeak, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, , [660482a93d3ec670fa57136bdb27cc34],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 myrti


Posted 17 April 2014 - 03:01 PM

Hi,

You can remove that, but it should not make much difference; it is a leftover.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 armonismama


Posted 19 April 2014 - 03:11 PM

# AdwCleaner v3.024 - Report created 19/04/2014 at 14:09:30
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lori Walsh - LORIWALSH-PC
# Running from : C:\Users\Lori Walsh\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Lori Walsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\searchplugins\mywebsearch.xml
File Found : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\user.js
File Found : C:\Users\Lori Walsh\Desktop\MyPC Backup.lnk
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\Extensions\m3ffxtbr@mywebsearch.com
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\BrowserSafeguard
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Optimizer Pro
Folder Found C:\Program Files (x86)\PCFixSpeed
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Lori Walsh\AppData\Local\CouponAlert_2p
Folder Found C:\Users\Lori Walsh\AppData\Local\CrashRpt
Folder Found C:\Users\Lori Walsh\AppData\Local\SearchProtect
Folder Found C:\Users\Lori Walsh\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Lori Walsh\AppData\LocalLow\CouponAlert_2p
Folder Found C:\Users\Lori Walsh\AppData\LocalLow\FunWebProducts
Folder Found C:\Users\Lori Walsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Lori Walsh\AppData\Roaming\Optimizer Pro
Folder Found C:\Users\Lori Walsh\Documents\Optimizer Pro
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\FunWebProducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\FunWebProducts
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\prefs.js ]

Line Found : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Found : user_pref("extensions.enabledAddons", "m3ffxtbr%40mywebsearch.com:1.1,nkunwudjgn%40nkunwudjgn.org:2.5,%7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116,TidyNetwork%40TidyNetwork:5.0,%7B7[...]
Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{635abd67-4fe9-1b23-4f01[...]
Line Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZKxdm5282GUS&ptnrS=ZKxdm5282GUS&si=39631&ptb=BgsRIGtMgNufrPmWCMrHtQ&ind=2010070910&n=77[...]
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm5282GUS&ptnrS=ZKxdm5282GUS&si=39631&ptb=BgsRIGtMgNufrPmWCMrHtQ&ind=2010070910&n=77cf3f7e&[...]
Line Found : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ecd8d9&ptnrS=CDxpi000");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012010713");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDxpi000");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "undefined");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxps://www.globalopinionpanels.com/home\",\"favIcon\":\"hxxps://www.globalopinionpanels.com/html/themes/syn[...]
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "80010");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Lori Walsh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : suggest_url
Found : keyword
Found : suggest_url

*************************

AdwCleaner[R0].txt - [15643 octets] - [19/04/2014 14:09:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15704 octets] ##########



#11 armonismama


Posted 19 April 2014 - 03:16 PM

# AdwCleaner v3.024 - Report created 19/04/2014 at 14:11:32
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lori Walsh - LORIWALSH-PC
# Running from : C:\Users\Lori Walsh\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Lori Walsh\AppData\Local\CouponAlert_2p
Folder Deleted : C:\Users\Lori Walsh\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Lori Walsh\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Lori Walsh\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lori Walsh\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Lori Walsh\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Lori Walsh\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Lori Walsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Lori Walsh\Documents\Optimizer Pro
Folder Deleted : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\Extensions\m3ffxtbr@mywebsearch.com
File Deleted : C:\END
File Deleted : C:\Users\Lori Walsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Lori Walsh\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Lori Walsh\AppData\Roaming\Mozilla\Firefox\Profiles\u9y7bpto.default\prefs.js ]

Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.enabledAddons", "m3ffxtbr%40mywebsearch.com:1.1,nkunwudjgn%40nkunwudjgn.org:2.5,%7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116,TidyNetwork%40TidyNetwork:5.0,%7B7[...]
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{635abd67-4fe9-1b23-4f01[...]
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZKxdm5282GUS&ptnrS=ZKxdm5282GUS&si=39631&ptb=BgsRIGtMgNufrPmWCMrHtQ&ind=2010070910&n=77[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm5282GUS&ptnrS=ZKxdm5282GUS&si=39631&ptb=BgsRIGtMgNufrPmWCMrHtQ&ind=2010070910&n=77cf3f7e&[...]
Line Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ecd8d9&ptnrS=CDxpi000");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012010713");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDxpi000");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxps://www.globalopinionpanels.com/home\",\"favIcon\":\"hxxps://www.globalopinionpanels.com/html/themes/syn[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "80010");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Lori Walsh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [15977 octets] - [19/04/2014 14:09:30]
AdwCleaner[S0].txt - [15903 octets] - [19/04/2014 14:11:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15964 octets] ##########





