Adware, PC HelpDesk PopUps, and Issues using Google Chrome


6 replies to this topic

#1 mkmcguire

Posted 24 November 2015 - 08:10 PM

Anytime I use the browser, there is always an "Ads by Google" that is "powered by Custom Search" above my content. My content is littered with Ads by Cookingware and Ad Choices. I try to open Google Chrome and it never opens. I have tried to uninstall some of the programs and usually they reappear - some of them are identified in the logs (i.e. EnjOyCoeuepoNe, DiiggiSavEr, SaaveLots). Right now, those aren't showing up as an option to uninstall, however, a program called "Cooking Image" shows up as having been installed on December 26, 2013 - no way, I've checked and checked many times this year and that wasn't there before and is now.


When I try to utilize a website or search, clicking on a link often opens a full page pop up that redirects me to other PC security pages to create an account with them. Sometimes I also get a pop up that talks to me telling me my computer security has been breached and I need to call some 1-800 number to fix it.


Thanks for any help.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Michelle (administrator) on EVANSCOMPUTER (24-11-2015 19:39:10)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(AMD) C:\Windows\System32\atiesrxx.exe
Failed to access process -> dwm.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
() C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe
Failed to access process -> dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe
() C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
() C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Failed to access process -> WmiPrvSE.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8465112 2015-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\MountPoints2: {633a7aa3-008f-11e3-be72-806e6f6e6963} - "E:\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2(1).lnk [2015-01-16]
ShortcutTarget: Doom 2(1).lnk -> C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}\Doom 2(1).exe ()
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk [2015-01-16]
ShortcutTarget: Doom 2.lnk -> C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe ()
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk [2015-01-22]
ShortcutTarget: minecraftdl_6148.lnk -> C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59922;https=127.0.0.1:59922
ProxyServer: [S-1-5-21-2051946452-4277247624-1480437364-1002] => http=127.0.0.1:59922;https=127.0.0.1:59922
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B3C04820-3528-471D-A086-5B65310EA8D2}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a15946-601&apn_uid=6761447492444318&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.x64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-07]
FF Extension: AdBlocker Manger - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu [2015-08-18] [not signed]
FF Extension: RRaundomPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com [2015-08-18] [not signed]
FF Extension: MinimUmPPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org [2015-07-27] [not signed]
FF Extension: GreeAtaSave44U - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org [2015-07-29] [not signed]
FF Extension: SohoPDrop - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com [2015-07-30] [not signed]
FF Extension: CheeApMe - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com [2015-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-11-24] [not signed]
FF HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js [2015-09-08]

Chrome:
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-05]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-14]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-05]
CHR Extension: () - C:\Users\Michelle\AppData\Local\Cooking Image\Component [2015-11-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-25] (CyberLink)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 Helpless Shoe; C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe [8016324 2015-07-22] () [File not signed] <==== ATTENTION
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
R2 MaintainerSvc8.88.139205; C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe [128240 2015-10-29] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-05-07] (Realtek Semiconductor)
R2 Superficial Breath; C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe [8015968 2015-06-30] () [File not signed] <==== ATTENTION
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-07-03] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [66560 2015-07-03] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-05-07] (Advanced Micro Devices, INC.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2015-05-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-05-07] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-03] (Symantec Corporation) [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-07] (REALiX™)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-05-07] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R3 SymEFASI; C:\Windows\system32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-09] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 {10ca4725-c218-4422-af63-be868930be98}Gw64; system32\drivers\{10ca4725-c218-4422-af63-be868930be98}Gw64.sys [X]
S1 {34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64; system32\drivers\{34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64.sys [X]
S1 {3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64; system32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys [X]
S1 {5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64; system32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys [X]
S1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; system32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [X]
S1 {96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64; system32\drivers\{96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64.sys [X]
S1 {fab825c7-4412-482f-863b-6c89bac5a302}Gw64; system32\drivers\{fab825c7-4412-482f-863b-6c89bac5a302}Gw64.sys [X]
S1 {fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64; system32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:39 - 2015-11-24 19:40 - 00027208 _____ C:\Users\Michelle\Downloads\FRST.txt
2015-11-24 19:38 - 2015-11-24 19:39 - 00000000 ____D C:\FRST
2015-11-24 19:38 - 2015-11-24 19:38 - 02348544 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2015-11-24 18:55 - 2015-11-24 18:55 - 05640282 _____ (Swearware) C:\Users\Michelle\Downloads\ComboFix (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:15 - 2015-10-08 18:10 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 19:15 - 2015-10-08 18:10 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 19:05 - 2014-01-21 15:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 19:02 - 2013-11-14 02:28 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 18:58 - 2015-07-03 10:30 - 00000442 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-11-24 18:58 - 2014-05-06 17:55 - 00000000 ___RD C:\Users\Michelle\OneDrive
2015-11-24 18:57 - 2015-07-04 17:14 - 00007092 _____ C:\WINDOWS\setupact.log
2015-11-24 18:57 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 18:57 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 18:56 - 2013-12-23 11:08 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-24 18:44 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-24 18:43 - 2013-12-03 18:32 - 00000000 ____D C:\Users\Michelle\Documents\Youcam
2015-11-24 18:41 - 2013-12-23 11:28 - 01096700 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 18:40 - 2013-12-23 11:15 - 00000000 ____D C:\Users\Michelle
2015-11-24 17:51 - 2015-08-14 16:51 - 00000374 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job
2015-11-20 17:21 - 2015-07-04 17:14 - 00015504 _____ C:\WINDOWS\PFRO.log
2015-11-19 18:49 - 2014-11-15 08:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-19 17:47 - 2013-12-03 18:37 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2051946452-4277247624-1480437364-1002
2015-11-19 17:29 - 2015-10-13 18:18 - 00000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2015-11-15 13:05 - 2014-01-21 15:12 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-15 12:48 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-29 14:32 - 2014-11-15 11:13 - 00000000 ____D C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69

==================== Files in the root of some directories =======

2015-07-13 16:11 - 2015-07-30 12:46 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-05 10:05 - 2015-07-13 08:14 - 0000020 _____ () C:\Users\Michelle\AppData\Roaming\appdataFr2.bin
2015-07-13 16:12 - 2015-09-08 15:36 - 0000024 _____ () C:\Users\Michelle\AppData\Roaming\appdataFr25.bin
2014-11-15 09:46 - 2014-11-19 15:31 - 0000365 _____ () C:\Users\Michelle\AppData\Roaming\LiveSupport.exe_log.txt
2014-11-15 09:46 - 2014-11-19 15:31 - 0000096 _____ () C:\Users\Michelle\AppData\Roaming\regsvr32.exe_log.txt
2014-10-17 11:28 - 2014-10-19 05:29 - 0000136 _____ () C:\Users\Michelle\AppData\Roaming\WB.CFG
2014-10-19 05:28 - 2014-10-19 05:28 - 0000001 _____ () C:\Users\Michelle\AppData\Local\DSI.DAT

Some files in TEMP:
====================
C:\Users\Michelle\AppData\Local\Temp\9700.exe
C:\Users\Michelle\AppData\Local\Temp\A2A8.exe
C:\Users\Michelle\AppData\Local\Temp\AD85.exe
C:\Users\Michelle\AppData\Local\Temp\D2B1.exe
C:\Users\Michelle\AppData\Local\Temp\D7F1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD1C6C.exe
C:\Users\Michelle\AppData\Local\Temp\EAD5B41.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65AA.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65D1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD7903.exe
C:\Users\Michelle\AppData\Local\Temp\EADA34F.exe
C:\Users\Michelle\AppData\Local\Temp\EADEAEC.exe
C:\Users\Michelle\AppData\Local\Temp\EADFD03.exe
C:\Users\Michelle\AppData\Local\Temp\supoptsetup.exe
C:\Users\Michelle\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-24 17:16

==================== End of FRST.txt ============================

Attached File: Addition.txt





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:29 PM

Posted 26 November 2015 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You are running the Farbar programs from the folder in bold.
C:\Users\Michelle\Downloads

Please move or copy the program to your Desktop.
Place the Fixlist.txt file on the Desktop also. Execute the fix.

Just to make sure: if these programs in bold are listed in Control Panel > Programs and Features, delete them.

Cooking Image (HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.7.9 - Plugin Call corp) <==== ATTENTION
COOupaExtensioin (HKLM-x32\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version: - "") <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
DiiggiSavEr (HKLM-x32\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version: - "") <==== ATTENTION
DisicountExTensi (HKLM-x32\...\{B138259A-351E-33FA-2726-8D71704F1DA9}) (Version: - "") <==== ATTENTION
EnjOyCoeuepoNe (HKLM-x32\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version: - "") <==== ATTENTION
Interenet Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION
ReobbouSaver (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
SaaveLots (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION
Wajam (HKLM-x32\...\WNEnhance) (Version: 2.24.2.6 (i2.6) - WNEnhance) <==== ATTENTION
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe
() C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe
() C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe
() C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk [2015-01-22]
ShortcutTarget: minecraftdl_6148.lnk -> C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a15946-601&apn_uid=6761447492444318&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
BHO: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.x64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.dll => No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-07]
FF Extension: AdBlocker Manger - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu [2015-08-18] [not signed]
FF Extension: RRaundomPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com [2015-08-18] [not signed]
FF Extension: MinimUmPPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org [2015-07-27] [not signed]
FF Extension: GreeAtaSave44U - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org [2015-07-29] [not signed]
FF Extension: SohoPDrop - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com [2015-07-30] [not signed]
FF Extension: CheeApMe - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com [2015-07-14] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js [2015-09-08]
CHR Extension: () - C:\Users\Michelle\AppData\Local\Cooking Image\Component [2015-11-24]
R2 Helpless Shoe; C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe [8016324 2015-07-22] () [File not signed] <==== ATTENTION
R2 MaintainerSvc8.88.139205; C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe [128240 2015-10-29] ()
R2 Superficial Breath; C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe [8015968 2015-06-30] () [File not signed] <==== ATTENTION
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S1 {10ca4725-c218-4422-af63-be868930be98}Gw64; system32\drivers\{10ca4725-c218-4422-af63-be868930be98}Gw64.sys [X]
S1 {34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64; system32\drivers\{34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64.sys [X]
S1 {3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64; system32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys [X]
S1 {5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64; system32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys [X]
S1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; system32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [X]
S1 {96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64; system32\drivers\{96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64.sys [X]
S1 {fab825c7-4412-482f-863b-6c89bac5a302}Gw64; system32\drivers\{fab825c7-4412-482f-863b-6c89bac5a302}Gw64.sys [X]
S1 {fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64; system32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys [X]
Task: {1D06368C-2FC9-426E-A2E1-BE4FDB5B6F64} - System32\Tasks\Digital Sites => C:\Users\Michelle\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6CFFE6EB-0ACC-4370-9C28-0583789D353C} - \LaunchSignup -> No File <==== ATTENTION
Task: {947FA308-5F8F-4855-B93D-30ECC8839AD9} - System32\Tasks\avayvaxvaa => C:\Users\Michelle\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ATTENTION
Task: {A5830310-3E3E-4031-98A3-7803B972EF1A} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{dc472a44-b649-d4e1-dc47-72a44b64a912}\hqghumeaylnlf.exe [2014-08-14] (Super PC Tools Ltd) <==== ATTENTION
Task: {C5569032-5CD3-49A9-A479-8CF3D63C1DD4} - \Driver Booster SkipUAC (Michelle) -> No File <==== ATTENTION
Task: {D7C30038-FCD4-4BC8-8FC2-C2BE66DF05A3} - System32\Tasks\Cooking Image => Rundll32.exe "C:\Users\Michelle\AppData\Local\Cooking Image\Bin\CookingImage.dll",#3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{dc472a44-b649-d4e1-dc47-72a44b64a912}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Michelle\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files (x86)\Helpless Shoe
C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69
C:\Program Files (x86)\Superficial Breath
C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}
C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk
C:\Program Files (x86)\RanndomPriuce
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com
C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js
C:\Users\Michelle\AppData\Local\Cooking Image
C:\Users\Michelle\AppData\Local\Temp\9700.exe
C:\Users\Michelle\AppData\Local\Temp\A2A8.exe
C:\Users\Michelle\AppData\Local\Temp\AD85.exe
C:\Users\Michelle\AppData\Local\Temp\D2B1.exe
C:\Users\Michelle\AppData\Local\Temp\D7F1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD1C6C.exe
C:\Users\Michelle\AppData\Local\Temp\EAD5B41.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65AA.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65D1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD7903.exe
C:\Users\Michelle\AppData\Local\Temp\EADA34F.exe
C:\Users\Michelle\AppData\Local\Temp\EADEAEC.exe
C:\Users\Michelle\AppData\Local\Temp\EADFD03.exe
C:\Users\Michelle\AppData\Local\Temp\supoptsetup.exe
C:\Users\Michelle\AppData\Local\Temp\UninstallEADM.dll

End
Save the file as fixlist.txt on the Desktop.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10 and 11, follow these instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

Restart your computer normally.
Run the Farbar tool one more time and post a fresh FRST.txt log for my review.

Let me know what problem persists.
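The fix above is built by hand from the FRST lines that carry cues such as the "<==== ATTENTION" marker, an empty publisher "()", "[File not signed]" or a redirector search URL. The script below, an added example that is not part of nasdaq's post and not FRST's own code, reads log lines in the shapes seen in this thread and records those cues per line, then lays the hits out in the start/End shape of the fixlist above; the allow-list of trusted search hosts, the reason strings and the GUID-directory heuristic are assumptions of this example, and the sample lines are copied from the logs in this thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not part of the original post or of FRST. It
parses four line shapes from the log above (services, scheduled tasks, IE
SearchScopes, Firefox extensions) and records why a line deserves a second
look: the ATTENTION marker, an empty publisher, an unsigned binary, a missing
target, or a search provider outside an analyst-supplied allow-list.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST.txt and fixlist in this thread.
SAMPLE_LOG = r"""
R2 Helpless Shoe; C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe [8016324 2015-07-22] () [File not signed] <==== ATTENTION
R2 MaintainerSvc8.88.139205; C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe [128240 2015-10-29] ()
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
Task: {6CFFE6EB-0ACC-4370-9C28-0583789D353C} - \LaunchSignup -> No File <==== ATTENTION
Task: {D7C30038-FCD4-4BC8-8FC2-C2BE66DF05A3} - System32\Tasks\Cooking Image => Rundll32.exe "C:\Users\Michelle\AppData\Local\Cooking Image\Bin\CookingImage.dll",#3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{dc472a44-b649-d4e1-dc47-72a44b64a912}\hqghumeaylnlf.exe <==== ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a15946-601&apn_uid=6761447492444318&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
FF Extension: CheeApMe - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com [2015-07-14] [not signed]
"""

MARKER_RE = re.compile(r"\s*<={3,} ATTENTION\s*$")  # FRST's own attention flag
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)|(?P<missing> \[X\]))"
    r"(?P<tags>.*)$")
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) (?:=>|->) (?P<target>.+)$")
SCOPE_RE = re.compile(r"^SearchScopes: \S+ -> (?:DefaultScope )?(?P<id>\{[^}]+\}) URL = (?P<url>\S+)$")
FF_EXT_RE = re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\](?P<tags>.*)$")
HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/?#]+)", re.IGNORECASE)  # FRST defangs http as hxxp
# Heuristic of this example: a binary parked in a GUID-named ProgramData folder.
GUID_DIR_RE = re.compile(
    r"\\ProgramData\\\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    name: str
    location: str
    line: str                 # the FRST line verbatim, reusable in a fixlist
    reasons: list = field(default_factory=list)


def triage(log_text, trusted_search_hosts=frozenset({"www.bing.com", "www.google.com"})):
    """Return one Finding per log line that shows at least one suspicious cue.
    The allow-list default is an assumption of this example; set it per machine."""
    findings = []
    for raw in (l.strip() for l in log_text.splitlines() if l.strip()):
        line = MARKER_RE.sub("", raw)
        reasons = ["flagged by FRST"] if MARKER_RE.search(raw) else []
        if m := SERVICE_RE.match(line):
            if m.group("missing"):
                reasons.append("service entry whose binary is missing ([X])")
            if m.group("publisher") == "":
                reasons.append("service binary carries no publisher")
            if "[File not signed]" in m.group("tags"):
                reasons.append("service binary is not signed")
            if GUID_DIR_RE.search(m.group("path")):
                reasons.append("runs from a GUID-named ProgramData directory")
            kind, name, where = "service", m.group("name"), m.group("path")
        elif m := TASK_RE.match(line):
            target = m.group("target")
            if target == "No File":
                reasons.append("task target no longer exists")
            if target.lower().startswith("rundll32.exe") and "\\appdata\\" in target.lower():
                reasons.append("rundll32 loads a DLL from the user profile")
            if GUID_DIR_RE.search(target):
                reasons.append("runs from a GUID-named ProgramData directory")
            kind, name, where = "task", m.group("name"), target
        elif m := SCOPE_RE.match(line):
            host = HOST_RE.match(m.group("url"))
            where = host.group("host").lower() if host else m.group("url")
            if where not in trusted_search_hosts:
                reasons.append("search provider is not on the allow-list")
            kind, name = "searchscope", m.group("id")
        elif m := FF_EXT_RE.match(line):
            if "[not signed]" in m.group("tags"):
                reasons.append("Firefox extension is not signed")
            kind, name, where = "ff-extension", m.group("name"), m.group("path")
        else:
            continue  # other line kinds (e.g. the signed-file checks) are not triaged here
        if reasons:
            findings.append(Finding(kind, name, where, raw, reasons))
    return findings


def build_fixlist(findings, directives=("CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:")):
    """Lay the flagged lines out in the shape of the fixlist in the post above
    ('start', directives, FRST lines verbatim, 'End'); a draft for a human reviewer."""
    return "\n".join(["start", "", *directives, "", *(f.line for f in findings), "", "End"]) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {'; '.join(f.reasons)}")
    print(build_fixlist(triage(SAMPLE_LOG)))
```

The draft still needs the same review the helper gives: nasdaq's fixlist also lists bare directories and Temp executables by hand, which no log-line cue produces.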

#3 mkmcguire

mkmcguire
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 27 November 2015 - 09:03 AM

Hi, thanks so much for the response. I followed all the instructions and have attached the logs. I am still having an issue with ads on every web page I go to. The pop ups are gone, but the pages still have ads that are not part of the websites. I double checked this by going to the same sites on another computer and there were no ads.

Also, Google Chrome has replaced IE; I'm not sure how that happened. I use Mozilla Firefox as my default browser.

Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Michelle (2015-11-26 11:23:59) Run:1
Running from C:\Users\Michelle\Desktop
Loaded Profiles: Michelle (Available Profiles: Michelle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe
() C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe
() C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe
() C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk [2015-01-22]
ShortcutTarget: minecraftdl_6148.lnk -> C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyByD0E0CyC0B0EtCyCzztN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyD0A0Fzy0E0FtG0FtByE0CtG0ByDyEyBtG0A0DyD0FtGtDtDtD0DyD0FtA0Dzy0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0CtAtC0CyByBtGzz0CtD0EtGyE0B0DtAtGzyyDyByEtG0EyDzy0B0AyB0CzzyB0Dzy0B2Q&cr=514375083&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=120&systemid=406&v=a15946-601&apn_uid=6761447492444318&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I68BC63C2-A8BD-40B6-851D-7C5D2B780673&SearchSource=58&CUI=&UM=8&UP=SPB3EDABBB-DB59-4BD7-A9D4-34CDF7CBAC4F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74
BHO: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.x64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: RanndomPriuce -> {CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC} -> C:\Program Files (x86)\RanndomPriuce\UBDJ4SNr7nSDnH.dll => No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=20494&r=2015/01/16&hid=16593787892407536128&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-07]
FF Extension: AdBlocker Manger - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu [2015-08-18] [not signed]
FF Extension: RRaundomPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com [2015-08-18] [not signed]
FF Extension: MinimUmPPrice - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org [2015-07-27] [not signed]
FF Extension: GreeAtaSave44U - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org [2015-07-29] [not signed]
FF Extension: SohoPDrop - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com [2015-07-30] [not signed]
FF Extension: CheeApMe - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com [2015-07-14] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js [2015-09-08]
CHR Extension: () - C:\Users\Michelle\AppData\Local\Cooking Image\Component [2015-11-24]
R2 Helpless Shoe; C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe [8016324 2015-07-22] () [File not signed] <==== ATTENTION
R2 MaintainerSvc8.88.139205; C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe [128240 2015-10-29] ()
R2 Superficial Breath; C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe [8015968 2015-06-30] () [File not signed] <==== ATTENTION
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S1 {10ca4725-c218-4422-af63-be868930be98}Gw64; system32\drivers\{10ca4725-c218-4422-af63-be868930be98}Gw64.sys [X]
S1 {34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64; system32\drivers\{34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64.sys [X]
S1 {3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64; system32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys [X]
S1 {5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64; system32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys [X]
S1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; system32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [X]
S1 {96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64; system32\drivers\{96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64.sys [X]
S1 {fab825c7-4412-482f-863b-6c89bac5a302}Gw64; system32\drivers\{fab825c7-4412-482f-863b-6c89bac5a302}Gw64.sys [X]
S1 {fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64; system32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys [X]
Task: {1D06368C-2FC9-426E-A2E1-BE4FDB5B6F64} - System32\Tasks\Digital Sites => C:\Users\Michelle\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6CFFE6EB-0ACC-4370-9C28-0583789D353C} - \LaunchSignup -> No File <==== ATTENTION
Task: {947FA308-5F8F-4855-B93D-30ECC8839AD9} - System32\Tasks\avayvaxvaa => C:\Users\Michelle\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ATTENTION
Task: {A5830310-3E3E-4031-98A3-7803B972EF1A} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{dc472a44-b649-d4e1-dc47-72a44b64a912}\hqghumeaylnlf.exe [2014-08-14] (Super PC Tools Ltd) <==== ATTENTION
Task: {C5569032-5CD3-49A9-A479-8CF3D63C1DD4} - \Driver Booster SkipUAC (Michelle) -> No File <==== ATTENTION
Task: {D7C30038-FCD4-4BC8-8FC2-C2BE66DF05A3} - System32\Tasks\Cooking Image => Rundll32.exe "C:\Users\Michelle\AppData\Local\Cooking Image\Bin\CookingImage.dll",#3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{dc472a44-b649-d4e1-dc47-72a44b64a912}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Michelle\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files (x86)\Helpless Shoe
C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69
C:\Program Files (x86)\Superficial Breath
C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}
C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk
C:\Program Files (x86)\RanndomPriuce
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com
C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js
C:\Users\Michelle\AppData\Local\Cooking Image
C:\Users\Michelle\AppData\Local\Temp\9700.exe
C:\Users\Michelle\AppData\Local\Temp\A2A8.exe
C:\Users\Michelle\AppData\Local\Temp\AD85.exe
C:\Users\Michelle\AppData\Local\Temp\D2B1.exe
C:\Users\Michelle\AppData\Local\Temp\D7F1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD1C6C.exe
C:\Users\Michelle\AppData\Local\Temp\EAD5B41.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65AA.exe
C:\Users\Michelle\AppData\Local\Temp\EAD65D1.exe
C:\Users\Michelle\AppData\Local\Temp\EAD7903.exe
C:\Users\Michelle\AppData\Local\Temp\EADA34F.exe
C:\Users\Michelle\AppData\Local\Temp\EADEAEC.exe
C:\Users\Michelle\AppData\Local\Temp\EADFD03.exe
C:\Users\Michelle\AppData\Local\Temp\supoptsetup.exe
C:\Users\Michelle\AppData\Local\Temp\UninstallEADM.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Helpless Shoe\Helpless Shoe.exe => No running process found
C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69\maintainer.exe => No running process found
C:\Program Files (x86)\Superficial Breath\Superficial Breath.exe => No running process found
C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe => No running process found
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk => moved successfully
C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801}\minecraftdl_6148.exe => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC}" => key removed successfully
"HKCR\CLSID\{CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{CB7D1EA3-D2A5-4695-8F93-0E2BEC2C70BC}" => key removed successfully
Firefox DefaultSearchEngine,S removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox SearchEngineOrder.1,S removed successfully
Firefox SelectedSearchEngine,S removed successfully
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu => path removed successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com => moved successfully
C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com => moved successfully
"C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js" => not found.
C:\Users\Michelle\AppData\Local\Cooking Image\Component => not found
Helpless Shoe => service removed successfully
MaintainerSvc8.88.139205 => service removed successfully
Superficial Breath => service removed successfully
LiveUpdateSvc => service removed successfully
TrustedInstaller => service removed successfully
WdNisSvc => service removed successfully
WinDefend => service removed successfully
{10ca4725-c218-4422-af63-be868930be98}Gw64 => service removed successfully
{34a9de73-8119-4710-8938-8d3ebf75d78f}Gw64 => service removed successfully
{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64 => service removed successfully
{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64 => service removed successfully
{733fb217-c049-41ba-9504-3f2045e61977}Gw64 => service removed successfully
{96e33d35-ddf8-48ab-969e-bbbef0ef6852}Gw64 => service removed successfully
{fab825c7-4412-482f-863b-6c89bac5a302}Gw64 => service removed successfully
{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D06368C-2FC9-426E-A2E1-BE4FDB5B6F64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D06368C-2FC9-426E-A2E1-BE4FDB5B6F64}" => key removed successfully
C:\WINDOWS\System32\Tasks\Digital Sites => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFFE6EB-0ACC-4370-9C28-0583789D353C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFFE6EB-0ACC-4370-9C28-0583789D353C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{947FA308-5F8F-4855-B93D-30ECC8839AD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{947FA308-5F8F-4855-B93D-30ECC8839AD9}" => key removed successfully
C:\WINDOWS\System32\Tasks\avayvaxvaa => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxvaa" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5830310-3E3E-4031-98A3-7803B972EF1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5830310-3E3E-4031-98A3-7803B972EF1A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[8da6] => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6]" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5569032-5CD3-49A9-A479-8CF3D63C1DD4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5569032-5CD3-49A9-A479-8CF3D63C1DD4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Michelle)" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7C30038-FCD4-4BC8-8FC2-C2BE66DF05A3} => key not found.
C:\WINDOWS\System32\Tasks\Cooking Image => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cooking Image => key not found.
C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => moved successfully
C:\WINDOWS\Tasks\Digital Sites.job => moved successfully
C:\Program Files (x86)\Helpless Shoe => moved successfully
C:\ProgramData\5a74d264-271e-459c-a36e-f924375a4a69 => moved successfully
C:\Program Files (x86)\Superficial Breath => moved successfully
C:\ProgramData\{007a1200-5a6e-3325-007a-a12005a64801} => moved successfully
"C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\minecraftdl_6148.lnk" => not found.
"C:\Program Files (x86)\RanndomPriuce" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\extensions\ulgmhlhegzzd@lagtlxkkawhejwfrfc.edu" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\6sglI@BZrQ.com" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\T@FtlNGJMMW.org" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\TrD@Gw.org" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\uH9TP@4.com" => not found.
"C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\Extensions\Y@KzJK.com" => not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\!E7710C11424A6455F09A4EE19CA0F618E771.js" => not found.
C:\Users\Michelle\AppData\Local\Cooking Image => moved successfully
C:\Users\Michelle\AppData\Local\Temp\9700.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\A2A8.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\AD85.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\D2B1.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\D7F1.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EAD1C6C.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EAD5B41.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EAD65AA.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EAD65D1.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EAD7903.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EADA34F.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EADEAEC.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\EADFD03.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\supoptsetup.exe => moved successfully
C:\Users\Michelle\AppData\Local\Temp\UninstallEADM.dll => moved successfully
EmptyTemp: => 1.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:28:42 ====

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 08:28:02
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Michelle - EVANSCOMPUTER
# Running from : F:\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Google Drive Quick Create
[-] Folder Deleted : C:\Program Files (x86)\50Coupounas
[-] Folder Deleted : C:\ProgramData\savernet
[-] Folder Deleted : C:\ProgramData\WildWestCoupon
[-] Folder Deleted : C:\ProgramData\BoostSoftware
[-] Folder Deleted : C:\ProgramData\NoMore Ads
[-] Folder Deleted : C:\ProgramData\deaal4real
[-] Folder Deleted : C:\ProgramData\DigiCoupOna
[-] Folder Deleted : C:\ProgramData\EoxxsttraCCouuponn
[-] Folder Deleted : C:\ProgramData\FineDealSOft
[-] Folder Deleted : C:\ProgramData\FunaDealS
[-] Folder Deleted : C:\ProgramData\GoldenCoupon
[-] Folder Deleted : C:\ProgramData\Saaviinshop
[!] Folder Not Deleted : C:\ProgramData\savernet
[-] Folder Deleted : C:\ProgramData\262f0fa2cf509741
[-] Folder Deleted : C:\ProgramData\2751435089283946305
[-] Folder Deleted : C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}
[-] Folder Deleted : C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}
[-] Folder Deleted : C:\ProgramData\{dc472a44-b649-d4e1-dc47-72a44b64a912}
[-] Folder Deleted : C:\Users\Michelle\AppData\Local\avayvaxvaa
[-] Folder Deleted : C:\Users\Michelle\AppData\Local\StormFall
[-] Folder Deleted : C:\Users\Michelle\AppData\Roaming\DigitalSites
[-] Folder Deleted : C:\Users\Michelle\AppData\Roaming\StormFall
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Michelle\AppData\Roaming\LiveSupport.exe_log.txt
[-] File Deleted : C:\Users\Michelle\AppData\Roaming\regsvr32.exe_log.txt
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\SysNative\drivers\SPPD.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\fb789e01-6c46-0f72-c395-599cb50a41c2
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EF8FDD8-31AB-4FE2-9E0F-B518E9B8A216}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F0B0EA6-8B44-4403-BC63-EFA337428F7B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41C12944-4FC4-48DE-ABB1-C2D0A2BB1E55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{433DE200-2815-4B62-B283-3EEA1D121024}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F4D5F81-2605-483F-B05C-4A544D00F0CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{76C5E0A3-B072-4ED0-AAB1-E8B6F063155A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8772EB82-7261-4CD9-8A86-DE155B461D9E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E76BEF1-650D-4C37-92CA-301FE1715505}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CA4C20-91B1-42E7-85F9-6834D62CD41C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A7D7CEFD-AEAC-4C31-B0C5-7F44A722CD71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8894C97-930A-4654-8526-9C2A47F1DDEB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE293C34-0380-4BEB-B499-003F0A34605C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8583CD-B5DB-4C6F-859B-A878C3214770}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{94D4476C-892A-4FF2-AE91-1A5FB2D2F126}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BD601133-B03F-4C73-B593-DB2322CBD22E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0EF8FDD8-31AB-4FE2-9E0F-B518E9B8A216}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F0B0EA6-8B44-4403-BC63-EFA337428F7B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41C12944-4FC4-48DE-ABB1-C2D0A2BB1E55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{433DE200-2815-4B62-B283-3EEA1D121024}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F4D5F81-2605-483F-B05C-4A544D00F0CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{76C5E0A3-B072-4ED0-AAB1-E8B6F063155A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8772EB82-7261-4CD9-8A86-DE155B461D9E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E76BEF1-650D-4C37-92CA-301FE1715505}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CA4C20-91B1-42E7-85F9-6834D62CD41C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A7D7CEFD-AEAC-4C31-B0C5-7F44A722CD71}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8894C97-930A-4654-8526-9C2A47F1DDEB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AE293C34-0380-4BEB-B499-003F0A34605C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC8583CD-B5DB-4C6F-859B-A878C3214770}
[-] Key Deleted : HKCU\Software\dsiteproducts
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Wajam
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\StormWatch
[-] Key Deleted : HKCU\Software\WajIEnhance
[-] Key Deleted : HKCU\Software\WaInterEnhance
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\BoostSoftware
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{614925F9-841A-53FE-A28F-DC30FA07239B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.46mmCwU4xZcXniC3.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.53dtl2cVISoBOccE.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.9b1domgWFzve6ViA.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1url.indexOf(\"acebook\")>-[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.KyFjCmCNNbZ0cmEe.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.LWi2eRfj3I9YMqkt.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.eTjJLnCASxFGegXZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.pjEpzaE58Z5ZPJiC.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.rfdtMBWgm9W48vpZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":224207818,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224207819,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.BUTTON_STRUCTURE", "[{\"b\":223872518,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223872519,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.yA8zBNHAsHpOFZLu.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("extensions.yHKybcw9ZvUYMyTq.scode", "(function(){try{if(window.location.href.indexOf(\"rjg8pjr6pdC5pjs9rdC8rHgFrTY\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[-] [C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15216 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Michelle (administrator) on EVANSCOMPUTER (27-11-2015 08:40:48)
Running from C:\Users\Michelle\Desktop
Loaded Profiles: Michelle (Available Profiles: Michelle)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8465112 2015-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\MountPoints2: {633a7aa3-008f-11e3-be72-806e6f6e6963} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2(1).lnk [2015-01-16]
ShortcutTarget: Doom 2(1).lnk -> C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}\Doom 2(1).exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk [2015-01-16]
ShortcutTarget: Doom 2.lnk -> C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59922;https=127.0.0.1:59922
ProxyServer: [S-1-5-21-2051946452-4277247624-1480437364-1002] => http=127.0.0.1:59922;https=127.0.0.1:59922
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B3C04820-3528-471D-A086-5B65310EA8D2}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {896E8C44-A4D1-4FE8-B4AA-254978B9506B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2051946452-4277247624-1480437364-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\881fbo96.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-11-27] [not signed]
FF HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-05]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-14]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-25] (CyberLink)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-05-07] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-07-03] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [66560 2015-07-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-05-07] (Advanced Micro Devices, INC.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2015-05-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-05-07] (Advanced Micro Devices)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-03] (Symantec Corporation) [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-07] (REALiX™)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-05-07] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 SymEFASI; C:\Windows\system32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-09] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 08:40 - 2015-11-27 08:41 - 00018385 _____ C:\Users\Michelle\Desktop\FRST.txt
2015-11-27 08:24 - 2015-11-27 08:28 - 00000000 ____D C:\AdwCleaner
2015-11-24 19:42 - 2015-11-24 19:43 - 00035805 _____ C:\Users\Michelle\Downloads\Addition.txt
2015-11-24 19:39 - 2015-11-24 19:43 - 00032727 _____ C:\Users\Michelle\Downloads\FRST.txt
2015-11-24 19:38 - 2015-11-27 08:40 - 00000000 ____D C:\FRST
2015-11-24 19:38 - 2015-11-24 19:38 - 02348544 _____ (Farbar) C:\Users\Michelle\Desktop\FRST64.exe
2015-11-24 18:55 - 2015-11-24 18:55 - 05640282 _____ (Swearware) C:\Users\Michelle\Downloads\ComboFix (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 08:40 - 2015-10-08 18:10 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 08:40 - 2015-07-03 10:30 - 00000442 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-11-27 08:40 - 2014-05-06 17:55 - 00000000 ___RD C:\Users\Michelle\OneDrive
2015-11-27 08:40 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-27 08:39 - 2015-07-04 17:14 - 00008389 _____ C:\WINDOWS\setupact.log
2015-11-27 08:39 - 2013-12-23 11:28 - 01179591 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-27 08:39 - 2013-12-23 11:08 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-27 08:39 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-27 08:35 - 2013-12-03 18:37 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2051946452-4277247624-1480437364-1002
2015-11-27 08:34 - 2013-11-14 02:28 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 08:28 - 2015-07-13 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-27 08:28 - 2015-05-07 18:47 - 00001189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-11-27 08:22 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-26 11:29 - 2014-10-21 15:28 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-26 11:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-11-26 11:13 - 2013-12-03 18:40 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\.minecraft
2015-11-26 11:05 - 2014-01-21 15:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-26 10:15 - 2015-10-08 18:10 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 18:44 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-24 18:43 - 2013-12-03 18:32 - 00000000 ____D C:\Users\Michelle\Documents\Youcam
2015-11-24 18:40 - 2013-12-23 11:15 - 00000000 ____D C:\Users\Michelle
2015-11-20 17:21 - 2015-07-04 17:14 - 00015504 _____ C:\WINDOWS\PFRO.log
2015-11-19 18:49 - 2014-11-15 08:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-19 17:29 - 2015-10-13 18:18 - 00000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2015-11-15 13:05 - 2014-01-21 15:12 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-15 12:48 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2015-07-13 16:11 - 2015-07-30 12:46 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-05 10:05 - 2015-07-13 08:14 - 0000020 _____ () C:\Users\Michelle\AppData\Roaming\appdataFr2.bin
2015-07-13 16:12 - 2015-09-08 15:36 - 0000024 _____ () C:\Users\Michelle\AppData\Roaming\appdataFr25.bin
2014-10-17 11:28 - 2014-10-19 05:29 - 0000136 _____ () C:\Users\Michelle\AppData\Roaming\WB.CFG
2014-10-19 05:28 - 2014-10-19 05:28 - 0000001 _____ () C:\Users\Michelle\AppData\Local\DSI.DAT

Some files in TEMP:
====================
C:\Users\Michelle\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-24 17:16

==================== End of FRST.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:29 PM

Posted 27 November 2015 - 10:13 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:
RemoveProxy:

Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2(1).lnk [2015-01-16]
ShortcutTarget: Doom 2(1).lnk -> C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}\Doom 2(1).exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk [2015-01-16]
ShortcutTarget: Doom 2.lnk -> C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe (No File)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59922;https=127.0.0.1:59922
ProxyServer: [S-1-5-21-2051946452-4277247624-1480437364-1002] => http=127.0.0.1:59922;https=127.0.0.1:59922

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
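The triage nasdaq did by hand above (spot a proxy pointing at a local listener, spot Startup shortcuts whose targets no longer exist, and copy exactly those lines into a fixlist) as a small added parser over FRST-style log lines. This is example code, not part of the thread or of the FRST tool; the sample lines are constructed in the shape of the ones quoted above, and the "Notes.lnk" entry is an invented benign control.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of the FRST lines quoted in this thread
# (paths and SID copied from the thread; "Notes.lnk" is an invented benign entry).
SAMPLE_LOG = r"""
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59922;https=127.0.0.1:59922
ProxyServer: [S-1-5-21-2051946452-4277247624-1480437364-1002] => http=127.0.0.1:59922;https=127.0.0.1:59922
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk [2015-01-16]
ShortcutTarget: Doom 2.lnk -> C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk [2015-01-16]
ShortcutTarget: Notes.lnk -> C:\Program Files\Notes\notes.exe (Example Corp)
""".strip().splitlines()

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
LOOPBACK = ("127.", "localhost", "::1")


def proxy_hosts(value: str) -> List[str]:
    """Split 'http=127.0.0.1:59922;https=127.0.0.1:59922' into its host parts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[1] if "=" in entry else entry  # drop 'http='
        hosts.append(target.rsplit(":", 1)[0])                       # drop ':port'
    return hosts


def find_loopback_proxies(lines: List[str]) -> List[str]:
    """Return ProxyServer lines that send browser traffic through a listener on
    the machine itself, the pattern behind the ad-injecting 127.0.0.1:59922 proxy."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line)
        if m and any(h.startswith(LOOPBACK) for h in proxy_hosts(m["value"])):
            hits.append(line)
    return hits


def find_orphaned_startup_shortcuts(lines: List[str]) -> List[Tuple[str, str]]:
    """Pair each 'Startup:' line with the 'ShortcutTarget:' line that follows it
    and keep the pairs whose target FRST reported as '(No File)'."""
    pairs = []
    for i, line in enumerate(lines[:-1]):
        nxt = lines[i + 1]
        if (line.startswith("Startup: ") and nxt.startswith("ShortcutTarget: ")
                and nxt.rstrip().endswith("(No File)")):
            pairs.append((line, nxt))
    return pairs


def build_fixlist(lines: List[str]) -> str:
    """Assemble a fixlist in the same shape as the one posted above, for review."""
    proxies = find_loopback_proxies(lines)
    orphans = find_orphaned_startup_shortcuts(lines)
    body = ["start", "", "CreateRestorePoint:", "CloseProcesses:"]
    if proxies:
        body.append("RemoveProxy:")
    body.append("")
    for startup, target in orphans:
        body += [startup, target]
    if proxies:  # keep the ProxyEnable line next to the ProxyServer lines it governs
        body += [ln for ln in lines if ln.startswith("ProxyEnable: ")] + proxies
    body += ["", "End"]
    return "\n".join(body)


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
```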

#5 mkmcguire

mkmcguire
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 27 November 2015 - 03:26 PM

So far it appears to be better - there are still some ads, but I can't tell if they are from the websites or external.

 

Thank you for all of your help.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Michelle (2015-11-27 14:33:09) Run:2
Running from C:\Users\Michelle\Desktop
Loaded Profiles: Michelle (Available Profiles: Michelle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:
RemoveProxy:

Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2(1).lnk [2015-01-16]
ShortcutTarget: Doom 2(1).lnk -> C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}\Doom 2(1).exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk [2015-01-16]
ShortcutTarget: Doom 2.lnk -> C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe (No File)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59922;https=127.0.0.1:59922
ProxyServer: [S-1-5-21-2051946452-4277247624-1480437364-1002] => http=127.0.0.1:59922;https=127.0.0.1:59922

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2(1).lnk => moved successfully
C:\ProgramData\{b1dc3030-a499-9805-b1dc-c3030a49c0c2}\Doom 2(1).exe => not found.
C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Doom 2.lnk => moved successfully
C:\ProgramData\{917fdbdd-f1dd-063a-917f-fdbddf1d6f77}\Doom 2.exe => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2051946452-4277247624-1480437364-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.


The system needed a reboot.

==== End of Fixlog 14:33:59 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:29 PM

Posted 28 November 2015 - 07:48 AM

We removed AdBlocker Manager.

I suggest you install Adblock Plus, which has a good reputation.

If you Google this string adblock plus you will find the version for Firefox and Chrome.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:29 PM

Posted 04 December 2015 - 10:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



