
Newbee here and need help Java SE Runtime Environment 7 Update 60 POPUPS


12 replies to this topic

#1 lmchurch

Posted 01 February 2016 - 02:27 PM

This pop-up happens from every few minutes to every few seconds. I was told it's malware. What should I do? Thanks so much!!




 


#2 boopme


Posted 01 February 2016 - 02:50 PM

Hi, I moved this to the Am I Infected forum to scan first.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
If issue still exists try Solution HERE

#3 lmchurch


Posted 01 February 2016 - 03:02 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by L (administrator) on 01-02-2016 at 15:00:24
Running from "C:\Users\L\Desktop"
Microsoft Windows 8.1  (X64)
Model: Satellite C55D-A Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:62642;https=127.0.0.1:62642

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Lucynewtoshiba
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 64-5A-04-41-BD-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-8C-FA-67-71-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 64-5A-04-41-BD-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:58c:4103:2367:880b:cf54:6ea3:30d2(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:58c:4103:2367:113:9a81:28ce:1c17(Preferred)
   Link-local IPv6 Address . . . . . : fe80::880b:cf54:6ea3:30d2%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, February 1, 2016 10:50:33 AM
   Lease Expires . . . . . . . . . . : Monday, February 8, 2016 2:12:12 PM
   Default Gateway . . . . . . . . . : fe80::5e57:1aff:fece:3f11%3
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 392452612
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-79-A5-17-00-8C-FA-67-71-9B
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.fl.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c6f:1d37:b633:97c7(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c6f:1d37:b633:97c7%5(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-79-A5-17-00-8C-FA-67-71-9B
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4008:804::200e
   216.58.192.78

Pinging google.com [2607:f8b0:4008:80a::200e] with 32 bytes of data:
Reply from 2607:f8b0:4008:80a::200e: time=17ms
Reply from 2607:f8b0:4008:80a::200e: time=25ms

Ping statistics for 2607:f8b0:4008:80a::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 25ms, Average = 21ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   2001:4998:58:c02::a9
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=84ms
Reply from 2001:4998:44:204::a7: time=80ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 84ms, Average = 82ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...64 5a 04 41 bd df ......Microsoft Wi-Fi Direct Virtual Adapter
  4...00 8c fa 67 71 9b ......Realtek PCIe FE Family Controller
  3...64 5a 04 41 bd df ......Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.5     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.5    281
         10.0.0.5  255.255.255.255         On-link          10.0.0.5    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.5    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.5    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    281 ::/0                     fe80::5e57:1aff:fece:3f11
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:3c6f:1d37:b633:97c7/128
                                    On-link
  3    281 2601:58c:4103:2367::/64  On-link
  3    281 2601:58c:4103:2367:113:9a81:28ce:1c17/128
                                    On-link
  3    281 2601:58c:4103:2367:880b:cf54:6ea3:30d2/128
                                    On-link
  3    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::3c6f:1d37:b633:97c7/128
                                    On-link
  3    281 fe80::880b:cf54:6ea3:30d2/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2835140

Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2835140

Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2833594

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2833594

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2832125

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2832125

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 01:24:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4828

System errors:
=============
Error: (02/01/2016 11:45:26 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 11:45:26 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 10:50:39 AM) (Source: Service Control Manager) (User: )
Description: The VideoDownloadConverterService service failed to start due to the following error:
%%2

Error: (02/01/2016 10:50:32 AM) (Source: Service Control Manager) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (02/01/2016 10:50:32 AM) (Source: APXACC) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (02/01/2016 09:44:35 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 09:44:35 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 09:44:33 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 09:44:33 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/01/2016 09:44:15 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office Sessions:
=========================
Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2835140

Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2835140

Error: (02/01/2016 02:12:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2833594

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2833594

Error: (02/01/2016 02:12:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2832125

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2832125

Error: (02/01/2016 02:12:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2016 01:24:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4828

CodeIntegrity Errors:
===================================
  Date: 2016-02-01 15:00:16.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 15:00:15.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:05.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:04.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:04.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:03.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:02.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:01.710
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:00.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-01 12:35:00.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

Adobe Reader XI (11.0.14)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.2.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\{B478848A-12D4-41C5-8DCA-83E4F2AD8022}) (Version: 16.41.7441 - AVG Technologies) Hidden
AVG (HKLM\...\{F9880989-072C-4520-B525-041F100E0B32}) (Version: 16.31.7357 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG 2016 (HKLM\...\{C3506E0A-35BE-4AAF-BA41-62E9D9FD3B92}) (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7441 - AVG Technologies)
AVG Zen (HKLM\...\{5ED53AC5-2BEA-4B9D-8AA2-41AF9565F75A}) (Version: 1.31.9 - AVG Technologies) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-eef844c4-4975-4e34-bc9f-e5841b64ae79) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-290C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Chuzzle Deluxe (HKLM-x32\...\WTA-79146bb4-d199-42b1-abe9-d1102af2c2f8) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
DTS Sound (HKLM-x32\...\{2C7A5AF4-1793-4B5A-89C0-021FB198EDE8}) (Version: 1.01.3700 - DTS, Inc.)
Elementals - The Magic Key (HKLM-x32\...\WTA-c8b8635d-9c38-43d6-b0aa-c7c8a294be41) (Version: 2.2.0.97 - WildTangent) Hidden
FMW 1 (HKLM\...\{1F610B48-81E7-4A33-AFC9-1D7602C80732}) (Version: 1.52.1 - AVG Technologies) Hidden
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
hp deskjet 3600 (HKLM-x32\...\{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}) (Version: 1.01.0000 - Hewlett-Packard)
HP Memories Disc (HKLM-x32\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo and Imaging 2.0 - Deskjet Series (HKLM-x32\...\{E0828692-FD9D-459F-9312-C645C3CA6650}) (Version: 2.00.0001 - {&Tahoma8}Hewlett-Packard)
hp print screen utility (HKLM-x32\...\hp print screen utility) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
King Oddball (HKLM-x32\...\WTA-f6ea5489-4f55-435d-ae14-ead37ad25fc9) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-8255ec0d-76a2-4f13-88d6-26c915aa6bf0) (Version: 2.2.0.98 - WildTangent) Hidden
Match-3 All-Time Hit Bundle (HKLM-x32\...\WTA-c145d624-a064-4135-a6ac-c3539a10bbb9) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-bb4eb03f-a7d9-4b84-99ba-02fa0157c967) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Sparkle 2 (HKLM-x32\...\WTA-86e91f0f-04ed-4dd7-b1c5-72058488a1ff) (Version: 3.0.2.51 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.10 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKCU\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.0.8.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wonderland Solitaire (HKLM-x32\...\WTA-219c4ee8-1fd9-45db-824a-fbde9b670ac8) (Version: 2.2.0.110 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-04181a0d-b4be-430c-874a-94bbbb01f875) (Version: 2.2.0.97 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 3523.26 MB
Available physical RAM: 751.62 MB
Total Virtual: 7107.26 MB
Available Virtual: 3811.96 MB

========================= Partitions: =====================================

1 Drive c: (TI10664800H) (Fixed) (Total:452.99 GB) (Free:385.56 GB) NTFS

========================= Users: ========================================

User accounts for \\LUCYNEWTOSHIBA

Administrator            Guest                    L                       

**** End of log ****



#4 lmchurch

Posted 01 February 2016 - 03:14 PM

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 15:07:06
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : L - LUCYNEWTOSHIBA
# Running from : C:\Users\L\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\DriverTuner
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Folder Found : C:\Users\L\AppData\LocaL\DriverTuner
Folder Found : C:\Users\L\AppData\LocaL\pokki
Folder Found : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Folder Found : C:\Users\L\AppData\Local\Temp\APN-Stub
Folder Found : C:\WINDOWS\SysNative\Tasks\GeniusBox

***** [ Files ] *****

File Found : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage
File Found : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_taplika.com_0.localstorage
File Found : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_taplika.com_0.localstorage-journal

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : Check Updates
Task Found : GeniusBox
Task Found : Validate Installation

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_90]
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
Key Found : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Found : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
Key Found : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
Key Found : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
Key Found : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
Key Found : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
Key Found : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
Key Found : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
Key Found : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
Key Found : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
Key Found : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
Key Found : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
Key Found : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
Key Found : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AADC8B2-562B-407B-88B3-916140226CBC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103C314-C4E2-4463-8934-B19BCB46236D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97CEF41C-5055-474A-855A-892D4FE3E596}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8aadc8b2-562b-407b-88b3-916140226cbc}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103c314-c4e2-4463-8934-b19bcb46236d}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97cef41c-5055-474a-855a-892d4fe3e596}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d375ee64-f893-498a-a0e9-0e9829c88c3d}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\DownloadAdmin
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\geniusboxinstalled
Key Found : HKLM\SOFTWARE\GeniusBox
Key Found : HKLM\SOFTWARE\ONESOFTPERDAY
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DownloadAdmin
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DriverTuner
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DriverTuner_Init
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\geniusboxinstalled
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\324B4B70AD4E1D7438725B98BEB4BE85
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7B9EEC73-A5CD-4E1E-9ED5-034CB8C9E18D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7B9EEC73-A5CD-4E1E-9ED5-034CB8C9E18D}
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\petsask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
Value Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
Value Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [UpdateAdmin]
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found : HKCU\Software\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKCU\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1

***** [ Web browsers ] *****

[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : taplika.com
[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.tb.ask.com
[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_03&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEyEtC0B0D0D0F0DzztB0DtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEtA0FzyyB0AyD0AtGyEtAzy0CtGzzzz0C0CtGyB0A0A0CtGtBtC0CyC0DyEyBzztAyEyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0ByCyCzytB0DtGtBtAtDzztGyEyBtCyCtG0AtB0B0CtG0F0FtBtAtC0A0CyCyDtAyE0B2Q&cr=2089522804&ir=
[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lfkjojacgdjkninepeghaamnapdjmlfn

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10063 bytes] ##########



#5 boopme

Posted 01 February 2016 - 03:26 PM

Remove what ADWCleaner found...

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved on the %systemdrive% (usually C:\).


#6 lmchurch

Posted 01 February 2016 - 03:33 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by L (Administrator) on Mon 02/01/2016 at 15:24:01.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 11

Successfully deleted: C:\ProgramData\avg security toolbar (Folder)
Successfully deleted: C:\Users\L\AppData\Local\{4028F6C1-2B2D-464B-B16A-F32D9805951B} (Empty Folder)
Successfully deleted: C:\Users\L\AppData\Local\{C9F4DCCA-9E68-4B9E-98C2-EDD86C81D193} (Empty Folder)
Successfully deleted: C:\Users\L\AppData\Local\{DB2DA426-1CCA-4EB0-83B7-FFE22D5D0BFF} (Empty Folder)
Successfully deleted: C:\Users\L\AppData\Local\40a856895daf10e664c41b656bebee6d (File)
Successfully deleted: C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn (Folder)
Successfully deleted: C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage (File)
Successfully deleted: C:\Users\L\AppData\Local\pokki (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Check Updates (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\GeniusBox (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Validate Installation (Task)

 

Registry: 9

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_20C3476E9F850696941C9C56497DE747 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateAdmin (Registry Value)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_90 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\VideoDownloadConverter_4zService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7B9EEC73-A5CD-4E1E-9ED5-034CB8C9E18D} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/01/2016 at 15:26:58.64
End of JRT log



#7 lmchurch

Posted 01 February 2016 - 03:49 PM

I RAN ADWCLEANER AGAIN, AFTER RUNNING JUNKWARE REMOVAL TOOL TO REMOVE THE FILES.  HERE'S THE LATEST REPORT:

 

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 15:40:19
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : L - LUCYNEWTOSHIBA
# Running from : C:\Users\L\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverTuner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[-] Folder Deleted : C:\Users\L\AppData\LocaL\DriverTuner
[-] Folder Deleted : C:\Users\L\AppData\Local\Temp\APN-Stub

***** [ Files ] *****

[-] File Deleted : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_taplika.com_0.localstorage
[-] File Deleted : C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_taplika.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
[-] Key Deleted : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AADC8B2-562B-407B-88B3-916140226CBC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97CEF41C-5055-474A-855A-892D4FE3E596}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8aadc8b2-562b-407b-88b3-916140226cbc}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103c314-c4e2-4463-8934-b19bcb46236d}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97cef41c-5055-474a-855a-892d4fe3e596}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d375ee64-f893-498a-a0e9-0e9829c88c3d}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103c314-c4e2-4463-8934-b19bcb46236d}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\DownloadAdmin
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\geniusboxinstalled
[-] Key Deleted : HKLM\SOFTWARE\GeniusBox
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DownloadAdmin
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DriverTuner
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\DriverTuner_Init
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\geniusboxinstalled
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\324B4B70AD4E1D7438725B98BEB4BE85
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\petsask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[-] Value Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [UpdateAdmin]
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key Deleted : HKCU\Software\Classes\Toolbar3.CustomInternetSecurityImpl
[-] Key Deleted : HKCU\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.CookiesManager
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\Toolbar3.CustomInternetSecurityImpl
[!] Key Not Deleted : HKU\S-1-5-21-2319841396-4146265313-1568804478-1001\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1

***** [ Web browsers ] *****

[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : taplika.com
[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.tb.ask.com
[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_03&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEyEtC0B0D0D0F0DzztB0DtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEtA0FzyyB0AyD0AtGyEtAzy0CtGzzzz0C0CtGyB0A0A0CtGtBtC0CyC0DyEyBzztAyEyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0B0ByCyCzytB0DtGtBtAtDzztGyEyBtCyCtG0AtB0B0CtG0F0FtBtAtC0A0CyCyDtAyE0B2Q&cr=2089522804&ir=
[-] [C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lfkjojacgdjkninepeghaamnapdjmlfn

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9247 bytes] ##########


I AM NOW GOING TO RUN ESET ONLINE SCANNER.  BY THE WAY, THE POP-UPS ARE STILL HAPPENING AT THIS POINT.



#8 boopme

Posted 01 February 2016 - 03:53 PM

Ok, well at least we'll have cleaned it before moving on...

 

ESET will take a while so I'll look back around 8 pm eastern


Edited by boopme, 01 February 2016 - 03:54 PM.


#9 lmchurch

Posted 01 February 2016 - 05:15 PM

Boy, you're right.  This is taking forever.  It's still on 87%, has been for several minutes with 70 threats found so far.



#10 lmchurch

Posted 01 February 2016 - 05:46 PM

Here's the list that was found as threatening.  I'm still getting that pop-up at this time.  Hoping there's another step to this that will take care of that?

 

C:\$Recycle.Bin\S-1-5-21-2319841396-4146265313-1568804478-1001\$R432DHP.exe Win32/Systweak.K potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2319841396-4146265313-1568804478-1001\$R999POZ.exe a variant of Win32/DownloadAdmin.J potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2319841396-4146265313-1568804478-1001\$RTK52G8.exe Win32/Systweak.K potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2319841396-4146265313-1568804478-1001\$RWBNLVK.exe Win32/Systweak.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe.vir Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll.vir Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll.vir Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll.vir Win32/Toolbar.MyWebSearch.AG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll.vir Win32/Toolbar.MyWebSearch.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsrchmr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATOR.EXE.vir Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATORSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EPMSUP.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\TPIMANAGERCONSOLE.EXE.vir Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\UNIFIEDLOGGING.DLL.vir Win32/Toolbar.MyWebSearch.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\L\AppData\Local\GeniusBox\Tasks.exe.vir a variant of MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\L\AppData\Local\GeniusBox\Uninstall.exe.vir a variant of MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\L\AppData\Local\GeniusBox\Updater.exe.vir a variant of MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\L\AppData\Local\UpdateAdmin\UpdateAdmin.exe.vir Win32/DownloadAdmin.K potentially unwanted application
C:\Users\L\AppData\Local\Temp\air10F2.exe Win32/Compete.A potentially unwanted application
C:\Users\L\AppData\Local\Temp\airE387.exe multiple threats
C:\Users\L\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\L\AppData\Local\Temp\nsg9F82.tmp\bundleinstall.lua Win32/DownloadAdmin.H potentially unwanted application
C:\Users\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc9e0c0-31a023be a variant of Java/Obfus.BS trojan
C:\Users\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\7689a8c2-67fe11dd a variant of Java/Obfus.BS trojan
C:\Users\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\48e26094-28885a21 a variant of Java/Obfus.BS trojan
C:\Users\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\222ed4b8-21ee2623 a variant of Java/Obfus.BS trojan
C:\Users\L\Downloads\RecipeHub.exe a variant of Win32/AdInstaller potentially unwanted application



#11 lmchurch

Posted 01 February 2016 - 06:02 PM

Do I need to go in and delete these files myself?  I'm still getting constant pop-ups, unfortunately.



#12 boopme

Posted 02 February 2016 - 11:19 AM

Rerun ESET. Checking "Remove found threats" will clean or quarantine detected items.

#13 lmchurch

Posted 02 February 2016 - 11:23 AM

OK, thanks.





