
Windows 8.1 Laptop keeps setting Internet Explorer Proxy Server


1 reply to this topic

#1 allenflame

Posted 05 June 2015 - 12:02 PM

I have a Windows 8.1 laptop that keeps getting its Use Proxy Server setting turned on in Internet Options. I uncheck it, click OK, click LAN Settings and it's checked again. I've run RKill, AdwCleaner, JRT, TDSSKiller, and run a full Malwarebytes. I am currently running an sfc /scannow, as I couldn't get gpedit.msc to load. Any ideas?

 

Here's my Adwcleaner(SO).txt

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 11:43:39
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : reginaldscott - HERMAN
# Running from : C:\Users\reginald\Desktop\phillip\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\App Client
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\reginald\AppData\Local\globalUpdate
Folder Deleted : C:\Users\reginald\AppData\Local\GeniusBox
Folder Deleted : C:\Users\reginald\AppData\Local\Kromtech
Folder Deleted : C:\Users\reginald\AppData\LocalLow\zoomify
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akjeeijengimhajmemcjoocganikbopa
File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\WINDOWS\System32\drivers\SPPD.sys
File Deleted : C:\Users\reginald\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : pcreg
Task Deleted : Validate Installation
Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Updater
Task Deleted : WinZipDriverUpdaterRunAtStartup
Task Deleted : TidyNetwork Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\rttasks
Key Deleted : HKCU\Software\AppDataLow\Software\zoomify
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ch&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0DtCyC0CtCyCyCtG0AtD0CyDtGzzyCtB0FtGzz0FtD0CtGyD0BtDyBtDzz0CyE0A0B0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1127455454&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [22311 bytes] - [05/06/2015 11:42:39]
AdwCleaner[S0].txt - [8739 bytes] - [05/06/2015 11:43:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8798  bytes] ##########
 
 
___________________________________________________________________________________________________________________________________
Here is the Adwcleaner(r0).txt
 
# AdwCleaner v4.206 - Logfile created 05/06/2015 at 11:42:39
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : reginaldscott - HERMAN
# Running from : C:\Users\reginald\Desktop\phillip\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akjeeijengimhajmemcjoocganikbopa
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
File Found : C:\Users\reginald\Desktop\Continue Live Installation.lnk
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\System32\drivers\SPPD.sys
Folder Found : C:\Program Files (x86)\App Client
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Kromtech
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
Folder Found : C:\Users\reginald\AppData\Local\GeniusBox
Folder Found : C:\Users\reginald\AppData\Local\globalUpdate
Folder Found : C:\Users\reginald\AppData\Local\Kromtech
Folder Found : C:\Users\reginald\AppData\LocalLow\zoomify
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Scheduled tasks ] *****
 
Task Found : Check Updates
Task Found : GeniusBox
Task Found : pcreg
Task Found : Validate Installation
Task Found : Yahoo! Search
Task Found : Yahoo! Search Updater
Task Found : WinZipDriverUpdaterRunAtStartup
Task Found : TidyNetwork Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Found : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\zoomify
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\rttasks
Key Found : HKCU\Software\Search Extensions
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\UpdateFiles
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Found : [x64] HKCU\Software\Microsoft\KanarCore
Key Found : [x64] HKCU\Software\rttasks
Key Found : [x64] HKCU\Software\Search Extensions
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\UpdateFiles
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Microsoft\KanarCore
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ch&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0DtCyC0CtCyCyCtG0AtD0CyDtGzzyCtB0FtGzz0FtD0CtGyD0BtDyBtDzz0CyE0A0B0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1127455454&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
 
*************************
 
AdwCleaner[R0].txt - [22103 bytes] - [05/06/2015 11:42:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22163 bytes] ##########
 
_____________________________________________________________________________________________________________________
Here's the original Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/4/2015
Scan Time: 10:10:49 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.19.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: reginaldscott
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405422
Time Elapsed: 1 hr, 15 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.GeniusBox.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GeniusBox, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [6a15fe9777139f97dbdf7d5e07fccf31], 
PUP.Optional.GeniusBox.C, HKLM\SOFTWARE\WOW6432NODE\GeniusBox, Quarantined, [2d529ff6c8c2a393652cbfb27c8908f8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89D28E1D-D4D3-4085-8F5F-E57CE4E15232}, Quarantined, [2b544b4abbcf2d095d8a4828ea1ba35d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA721BEE-6830-41D5-9401-6B0A12BC922F}, Quarantined, [9ae54352296172c4499c3d3338cd649c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC33E2CE-DFB8-4698-BABA-8150E5D539B8}, Quarantined, [cab56c295f2b0432b5311b5532d3af51], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD78E78D-CBF1-4437-949D-93A86A8DE23F}, Quarantined, [a6d9a1f4e7a3a78f02e4521ec73ea15f], 
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [7d02f1a4acded561dbe0e1faeb189769], 
 
Registry Values: 14
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [6a15fe9777139f97dbdf7d5e07fccf31]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [0c73e4b1a2e8ba7c9f1be8f314ef26da]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, Quarantined, [0c73bbdaa4e642f4b703f2e98a7955ab]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Taplika, Quarantined, [6619801585054de9f9c186558b783bc5]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Taplika, Quarantined, [afd03d587515e84ecfebb82320e3966a]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89d28e1d-d4d3-4085-8f5f-e57ce4e15232}|AppName, Supreme Savings-codedownloader.exe, Quarantined, [2b544b4abbcf2d095d8a4828ea1ba35d]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{aa721bee-6830-41d5-9401-6b0a12bc922f}|AppName, SuperLyrics-1-bg.exe, Quarantined, [9ae54352296172c4499c3d3338cd649c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ac33e2ce-dfb8-4698-baba-8150e5d539b8}|AppName, SuperLyrics-1-buttonutil.exe, Quarantined, [cab56c295f2b0432b5311b5532d3af51]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cd78e78d-cbf1-4437-949d-93a86a8de23f}|AppName, Supreme Savings-buttonutil.exe, Quarantined, [a6d9a1f4e7a3a78f02e4521ec73ea15f]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [7d02f1a4acded561dbe0e1faeb189769]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [b8c74055c7c3d462b10a3f9cb64d36ca]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, Quarantined, [83fc5045fa90171fe9d227b455ae837d]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Taplika, Quarantined, [7d02f69f711914224576904b4bb86799]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Taplika, Quarantined, [86f93065890161d503b87962f3100000]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources, Quarantined, [3748860ff991112537b130412ed74eb2], 
 
Files: 31
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{FD4559CD-F75D-4919-9447-102D2B3403E9}, Quarantined, [ccb32a6bb7d379bd79091c413acca45c], 
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{49EB838B-D04F-4D36-A65C-49FC5ADAF3B0}, Quarantined, [ccb382134a40ee48b3cfacb1d333d927], 
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{111EAB81-843D-4A91-9F76-EB8DD60D2650}, Quarantined, [a9d65243ee9cd462acd6401d0ff7e020], 
PUP.Optional.DownloadAdmin.C, C:\ProgramData\Comodo\Cis\Quarantine\data\{2FF9DDE9-5876-4038-874A-CE93400C1AAA}, Quarantined, [5f2043526426ea4c68b24c1242c4c937], 
PUP.Optional.InstallCore.SID.C, C:\ProgramData\Comodo\Cis\Quarantine\data\{06C1707D-B549-4163-9EAC-2FB9BED4DC59}, Quarantined, [e897d1c44545c86e8865e67715f19c64], 
PUP.Optional.OutBrowse.C, C:\Users\reginald\AppData\Local\Temp\bcicabececc.exe, Quarantined, [5e21f99c018937ff660e9dc0da2ca55b], 
PUP.Optional.BundleInstaller.A, C:\Users\reginald\Downloads\setup (1).exe, Quarantined, [4e31d4c1731739fd2024b1abaa584fb1], 
PUP.Optional.GeniusBox.C, C:\Windows\System32\Tasks\GeniusBox, Quarantined, [037c3d583e4c78be8b043b36887db54b], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\client.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\certmanager.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Client.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\clientdata.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\cl_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\makecert.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\settings.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Tasks.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\tasks.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\ts_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Uninstall.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\uninstall.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\un_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Updater.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\updater.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\up_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\certutil.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libnspr4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplc4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplds4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\nss3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\smime3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\softokn3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
I had already deleted the other log files.

Edited by allenflame, 05 June 2015 - 12:13 PM.




#2 InadequateInfirmity


Posted 06 June 2015 - 04:51 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




