[Dakeyras]

Acknowledged and not a problem.

[Advertisements]

Hi,

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by DV7 at 2015-03-30 04:50:32 Run:3
Running from C:\Users\DV7\Desktop
Loaded Profiles: DV7 (Available profiles: DV7)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=1653087703=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=1653087703=
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=1653087703=
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {062E4E2E-C839-4093-9426-57ECC8D84CBB} URL = http://www.the-arena...sc={searchTerms}
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {42CF6F41-3272-469C-84ED-A1A1AEC9FA83} URL = https://search.yahoo...rtPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=1653087703=
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {A3050548-F9BC-4082-91E2-D0427F5DB640} URL = http://www.search.as...rms}&psv=&pt=tb
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO-x32: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-27] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
FF DefaultSearchUrl: https://www.google.c...?trackid=sp-006
FF SelectedSearchEngine: Taplika
FF Homepage: hxxp://taplika.com/?f=1&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtCyC0Czz0E0E0EyEzztN0D0Tzu0StCtCtBzztN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0EyB0F0AtB0F0AtG0DtD0B0EtG0DtC0FtCtG0FtC0CyBtGyD0C0FtBtDtAtCzz0FyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyC0F0FyC0BtBtBtGtCtD0EtCtGyEyBtAzztG0A0ByB0DtG0C0F0AzyyBtByB0B0A0Fzzzz2Q&cr=636336491&ir=
FF Keyword.URL: https://www.google.c...?trackid=sp-006
FF NewTab: about:newtab
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-27] (Oracle Corporation)
FF user.js: detected! => C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\user.js [2015-02-02]
FF SearchPlugin: C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\searchplugins\Taplika.xml [2015-02-03]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\Extensions\[email protected] [2015-01-28]
2015-03-07 20:40 - 2015-03-16 20:23 - 00000000 ____D () C:\Program Files (x86)\GUMB46F.tmp
2015-03-07 20:40 - 2015-03-07 20:40 - 06103040 _____ () C:\Program Files (x86)\GUTB470.tmp
2015-03-27 06:18 - 2015-02-02 17:54 - 00000000 ____D () C:\Users\DV7\AppData\Local\Taplika
Task: {3D09E097-A197-48F2-993D-431D44774AB8} - System32\Tasks\{05E9BB1D-E6A6-4813-8762-0535AAC3618A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {9BA52F54-11C8-49D2-B3E4-9473C79E3129} - System32\Tasks\MySearchDial => C:\Users\DV7\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {C1CB3929-B49F-4B44-8708-995E41E53732} - System32\Tasks\Driver Booster SkipUAC (DV7) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\DV7\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe <==== ATTENTION
C:\Users\DV7\AppData\Roaming\WSE_Taplika
C:\Users\DV7\AppData\Roaming\MySearchDial
C:\Program Files (x86)\IObit
C:\Program Files (x86)\Java
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Taplika => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062E4E2E-C839-4093-9426-57ECC8D84CBB}" => Key deleted successfully.
HKCR\CLSID\{062E4E2E-C839-4093-9426-57ECC8D84CBB} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42CF6F41-3272-469C-84ED-A1A1AEC9FA83}" => Key deleted successfully.
HKCR\CLSID\{42CF6F41-3272-469C-84ED-A1A1AEC9FA83} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3050548-F9BC-4082-91E2-D0427F5DB640}" => Key deleted successfully.
HKCR\CLSID\{A3050548-F9BC-4082-91E2-D0427F5DB640} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox newtab deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 => Key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 => Key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll not found.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\user.js => Moved successfully.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\Extensions\[email protected] => Moved successfully.
C:\Program Files (x86)\GUMB46F.tmp => Moved successfully.
C:\Program Files (x86)\GUTB470.tmp => Moved successfully.
C:\Users\DV7\AppData\Local\Taplika => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D09E097-A197-48F2-993D-431D44774AB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D09E097-A197-48F2-993D-431D44774AB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{05E9BB1D-E6A6-4813-8762-0535AAC3618A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05E9BB1D-E6A6-4813-8762-0535AAC3618A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA52F54-11C8-49D2-B3E4-9473C79E3129}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA52F54-11C8-49D2-B3E4-9473C79E3129}" => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1CB3929-B49F-4B44-8708-995E41E53732}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1CB3929-B49F-4B44-8708-995E41E53732}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (DV7) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (DV7)" => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\Tasks\WSE_Taplika.job => Moved successfully.
C:\Users\DV7\AppData\Roaming\WSE_Taplika => Moved successfully.
C:\Users\DV7\AppData\Roaming\MySearchDial => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Program Files (x86)\Java => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {68E9F27E-48CA-4E0F-8DEF-AD0A40002FCF}.
{154447D3-F1ED-4807-89A9-93FF8DACD704} canceled.
{EE92DAD5-4779-460F-BF10-A171E6C9ED72} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 04:55:53 ====

 

 

 

AdwCleaner Log:

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 06:27:25
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : DV7 - DV7-PC
# Running from : C:\Users\DV7\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : CouponPrinterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\Clock Hand
Folder Deleted : C:\Users\DV7\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\DV7\AppData\Roaming\DigitalSites

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Taplika Browser
Key Deleted : HKCU\Software\WSE_Taplika
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0.3 (x86 en-US)

-\\ Google Chrome v41.0.2272.101

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [5649 bytes] - [30/03/2015 06:25:29]
AdwCleaner[S0].txt - [5175 bytes] - [30/03/2015 06:27:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5234  bytes] ##########

[mtnester]

Hi,

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by DV7 at 2015-03-30 04:50:32 Run:3
Running from C:\Users\DV7\Desktop
Loaded Profiles: DV7 (Available profiles: DV7)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=1653087703=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=1653087703=
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=1653087703=
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {062E4E2E-C839-4093-9426-57ECC8D84CBB} URL = http://www.the-arena...sc={searchTerms}
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {42CF6F41-3272-469C-84ED-A1A1AEC9FA83} URL = https://search.yahoo...rtPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=1653087703=
SearchScopes: HKU\S-1-5-21-2834254562-1721606114-2049028308-1000 -> {A3050548-F9BC-4082-91E2-D0427F5DB640} URL = http://www.search.as...rms}&psv=&pt=tb
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO-x32: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-27] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
FF DefaultSearchUrl: https://www.google.c...?trackid=sp-006
FF SelectedSearchEngine: Taplika
FF Homepage: hxxp://taplika.com/?f=1&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtCyC0Czz0E0E0EyEzztN0D0Tzu0StCtCtBzztN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0EyB0F0AtB0F0AtG0DtD0B0EtG0DtC0FtCtG0FtC0CyBtGyD0C0FtBtDtAtCzz0FyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyC0F0FyC0BtBtBtGtCtD0EtCtGyEyBtAzztG0A0ByB0DtG0C0F0AzyyBtByB0B0A0Fzzzz2Q&cr=636336491&ir=
FF Keyword.URL: https://www.google.c...?trackid=sp-006
FF NewTab: about:newtab
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-27] (Oracle Corporation)
FF user.js: detected! => C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\user.js [2015-02-02]
FF SearchPlugin: C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\searchplugins\Taplika.xml [2015-02-03]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\Extensions\[email protected] [2015-01-28]
2015-03-07 20:40 - 2015-03-16 20:23 - 00000000 ____D () C:\Program Files (x86)\GUMB46F.tmp
2015-03-07 20:40 - 2015-03-07 20:40 - 06103040 _____ () C:\Program Files (x86)\GUTB470.tmp
2015-03-27 06:18 - 2015-02-02 17:54 - 00000000 ____D () C:\Users\DV7\AppData\Local\Taplika
Task: {3D09E097-A197-48F2-993D-431D44774AB8} - System32\Tasks\{05E9BB1D-E6A6-4813-8762-0535AAC3618A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {9BA52F54-11C8-49D2-B3E4-9473C79E3129} - System32\Tasks\MySearchDial => C:\Users\DV7\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {C1CB3929-B49F-4B44-8708-995E41E53732} - System32\Tasks\Driver Booster SkipUAC (DV7) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\DV7\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe <==== ATTENTION
C:\Users\DV7\AppData\Roaming\WSE_Taplika
C:\Users\DV7\AppData\Roaming\MySearchDial
C:\Program Files (x86)\IObit
C:\Program Files (x86)\Java
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Taplika => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062E4E2E-C839-4093-9426-57ECC8D84CBB}" => Key deleted successfully.
HKCR\CLSID\{062E4E2E-C839-4093-9426-57ECC8D84CBB} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42CF6F41-3272-469C-84ED-A1A1AEC9FA83}" => Key deleted successfully.
HKCR\CLSID\{42CF6F41-3272-469C-84ED-A1A1AEC9FA83} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3050548-F9BC-4082-91E2-D0427F5DB640}" => Key deleted successfully.
HKCR\CLSID\{A3050548-F9BC-4082-91E2-D0427F5DB640} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox newtab deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 => Key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 => Key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll not found.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\user.js => Moved successfully.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\DV7\AppData\Roaming\Mozilla\Firefox\Profiles\1xqkj2pc.default\Extensions\[email protected] => Moved successfully.
C:\Program Files (x86)\GUMB46F.tmp => Moved successfully.
C:\Program Files (x86)\GUTB470.tmp => Moved successfully.
C:\Users\DV7\AppData\Local\Taplika => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D09E097-A197-48F2-993D-431D44774AB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D09E097-A197-48F2-993D-431D44774AB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{05E9BB1D-E6A6-4813-8762-0535AAC3618A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05E9BB1D-E6A6-4813-8762-0535AAC3618A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA52F54-11C8-49D2-B3E4-9473C79E3129}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA52F54-11C8-49D2-B3E4-9473C79E3129}" => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1CB3929-B49F-4B44-8708-995E41E53732}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1CB3929-B49F-4B44-8708-995E41E53732}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (DV7) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (DV7)" => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\Tasks\WSE_Taplika.job => Moved successfully.
C:\Users\DV7\AppData\Roaming\WSE_Taplika => Moved successfully.
C:\Users\DV7\AppData\Roaming\MySearchDial => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Program Files (x86)\Java => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {68E9F27E-48CA-4E0F-8DEF-AD0A40002FCF}.
{154447D3-F1ED-4807-89A9-93FF8DACD704} canceled.
{EE92DAD5-4779-460F-BF10-A171E6C9ED72} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 04:55:53 ====

 

 

 

AdwCleaner Log:

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 06:27:25
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : DV7 - DV7-PC
# Running from : C:\Users\DV7\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : CouponPrinterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\Clock Hand
Folder Deleted : C:\Users\DV7\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\DV7\AppData\Roaming\DigitalSites

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Taplika Browser
Key Deleted : HKCU\Software\WSE_Taplika
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0.3 (x86 en-US)

-\\ Google Chrome v41.0.2272.101

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [5649 bytes] - [30/03/2015 06:25:29]
AdwCleaner[S0].txt - [5175 bytes] - [30/03/2015 06:27:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5234  bytes] ##########

[Dakeyras]

Hi.

My apologies for the delay, I have been very busy workwise and unfortunately not a lot of time to be online but thankfully all sorted now.

Anyway lets proceed as follows shall we...

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Note: Temp' disable/shut down your anti-virus software now to avoid potential conflicts, how to do so can be read here.

• Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Note: Reboot your machine and ensure your anti-virus software is now enabled etc.

Malwarebytes Anti-Malware:

Please download the installer to your desktop.

• Right-click on mbam-setup-2.1.4.1018.exe and select Run as Administrator, then follow the prompts to install the program.
• If the GUI(graphical user interface) for Malwarebytes Anti-Malware does not automatically appear, launch the application manually.
• Click on Update Now >>, then click on the Settings tab >> Detection and Protection.
• Under the Detection Options, ensure the following are selected:-

Use Advanced Heuristics Engine (Shuriken)
Scan for rootkits
Scan within archives

• Now click on the Scan tab, ensure Threat Scan is selected >> click on Start Scan.

Note: If the following message is denoted, 'Could not load DDA driver'. Click on Yes, then allow your computer to reboot and continue afterwards etc.

• If threats are detected, select Quarantine >> click on the Apply Actions button >> click on Yes at the prompt to reboot.
• Upon completion of the scan(or after the reboot), click on the History tab.
• Click on Application Logs >> double-click on Scan Log.
• Now click on the Export tab >> Copy to Clipboard, paste the log into your next reply for my review.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• Junkware Removal Tool Log.
• Malwarebytes Anti-Malware Log.

[mtnester]

Hi,

 

 

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• Junkware Removal Tool Log.
• Malwarebytes Anti-Malware Log.

 

I hadn't had a chance to do much with my computer, so I took some time for typical things to try it out and things seem to be working pretty well overall other than some IE quirkiness which I experience on both my 64-bit laptops, so that would be an IE problem. Hate IE anyway and have only been using it from necessity. Every time I close a tab this happens:

 

 

 

Another IE problem I encounter (IE 11) is the starting tabs. I set options to begin with tabs from last time. That never happens. Reopen last browsing session is always grayed out, and opening a new tab gives me the blank tab with frequent tiles but at the bottom I cannot reopen last session.

 

There are also issues going on between Firefox and Xmarks. I recently discovered that my Xmarks bookmarks have not worked properly since late October (coincidentally when my premium account expired) and since that time bookmarks have gone out of whack in a major way, having lost some large folders totally on the website, and those same folders on my local computer have the bookmark names but the locations are all "about:blank." I renewed my premium account recently when I discovered the lapse, but I will have to submit a support ticket to get help on that one. I do NOT want to lose the couple hundred bookmarks that were lost due to "about:blank" URL problems and they are all Pinterest boards to which I want to return so I will need to search Pinterest for them. In the meantime I have saved all URLs to a text document that would ordinarily have been added to my bookmarks. I also noticed that since I disabled the Xmarks add-on in Firefox I don't get the dreaded "not responding" hangups I have been experiencing.  Even so, I have experienced non-responsiveness when clicking a link or tab in Fx which is quite annoying when I have a quad-core machine with 8 GB RAM, so I doubt it is a computer problem. (Right? Maybe not--see below Avast observation.)

 

 

Logs you requested--

 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by DV7 on Thu 04/02/2015 at 23:34:28.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\DV7\AppData\Roaming\mozilla\firefox\profiles\1xqkj2pc.default\extensions\staged
Successfully deleted the following from C:\Users\DV7\AppData\Roaming\mozilla\firefox\profiles\1xqkj2pc.default\prefs.js

user_pref("extensions.lastpass.searchforsiteswithinaddressbar", true);
Emptied folder: C:\Users\DV7\AppData\Roaming\mozilla\firefox\profiles\1xqkj2pc.default\minidumps [8 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/02/2015 at 23:43:27.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Malwarebytes Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2015
Scan Time: 6:26:02 PM
Logfile: malwarebytes scan apr 3 15.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.03.08
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DV7

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338591
Time Elapsed: 19 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Trovi.A, HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [ea4af474ddad95a1c3de47e645be54ac],
PUP.Optional.ClockHand.A, HKU\S-1-5-21-2834254562-1721606114-2049028308-1000\SOFTWARE\Clock Hand, , [48ec76f27416c3733425aa173ec51fe1],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Driverboss, C:\Users\DV7\AppData\Local\HP Drivers Update Utility\liveupdate.7z.exe, , [43f169ffbdcd211538d86ff3d82ae41c],
PUP.Optional.Taplika.A, C:\Windows\System32\Tasks\WSE_TAPLIKA, , [90a42147414984b2e92aba0bae55b848],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

One thing with Malwarebytes is that I did purchase a license for all my computers, but have now lost the license number after being unsuccessful in inserting it before I began working with you. I kept getting some kind of error that it couldn't be inserted, and in fact Malwarebytes wouldn't work at all earlier. I was sure I kept the license key somewhere, but since GoDaddy webmail discontinued the ability to search the content of email and I have about 9 email addresses it will take awhile to locate.

 

The issue I experienced with using MWB this time was that after the scan there was no option to quarantine the four issues it found. The only option was Remove Selected, which I chose to do after reviewing the list. I checked Save Results to get a log then removed the items.

 

 

How do you think things look at this point? I am certainly satisfied with the current operation in that I have no trouble booting into Normal mode. I was thinking perhaps regarding Avast! that I shouldn't use the rootkit scan (although to be honest, it may have been Advanced Care 8 that I used to do the scan--I can't remember at this point). To my chagrin, I just tried opening Avast! from the toolbar and nothing happens at all, whether I double-click or right-click. Odd. I can start from the desktop icon, however.

 

 

 

[Dakeyras]

Hi.

All has been acknowledged and thank you for the comprehensive feedback. Aye it would be prudent not to make any changes to your machine and or run any form of scan unless I advise such etc.

With regards to your licence for Malwarebytes Anti-Malware, you could consider contacting the vendor directly and or via the support website.

Ok as it stands once I am satisfied your machine appear malware free we can start working on the other issues. For the time being lets proceed as follows shall we...

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.

• Right-click FSS.exe and select Run as Administrator to start the program.
• Select all available options.
• Then click on the Scan tab.
• When the scan is complete, it will produce a log named FSS.txt.
• Post the contents in your next reply.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your Desktop.

Alternate downloads are here and here.

• Right-click on PandaCloudCleaner.exe and select Run as Administrator >> Next > >> >> Next >
• Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
• Please be patient as the scan may take some time to complete depending on your system's specifications.
• Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and or have Panda Cloud Cleaner clean absolutely anything!
• Now within the GUI click on the > tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
• Save this to your desktop and post the contents in your next reply.
• Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

[mtnester]

Hi,

 

Another aggravation just popped up. I spent a couple of hours writing an email in IE and it would not send. I had to copy the body, delete the original email, open another compose window and paste. Then it would send. I also keep "losing" my cursor somehow. It simply disappears off the screen and I have to click the screen again to replace it. 

[mtnester]

Hi,

 

As requested:

 

 

Scan with FSS:

 

Farbar Service Scanner Version: 17-01-2015
Ran by DV7 (administrator) on 05-04-2015 at 21:07:34
Running from "C:\Users\DV7\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 

 

Scan with Panda Cloud Cleaner:

 

 

Malware. FILE: C:\USERS\DV7\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GRN1PYWM.TXT to be deleted.Malware. FILE: C:\USERS\DV7\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\W1D3QI19.TXT to be deleted.Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

 

 

 

Ready to proceed.

 

 

[Dakeyras]

Hi.
 

an email in IE and it would not send

I take it you mean a type of webmail, feasible there may have been a problem with the service though I suspect it has to do with the on-going IE issues.

Test IE again for myself please after completing the below as follows...

Windows Repair (All In One):

Please download the installer for Windows Repair (All In One) from here to your desktop

Alternate downloads are here and here.

• Right-click on tweaking.com_windows_repair_aio_setup.exe and select Run as Administrator >> when the installation window has loaded click on Next > >> follow the rest of the prompts for a default installation.
• Once fully installed the below GUI(graphical user interface) will appear/load:-

• Follow the advise re: Do A Proper Power Reset! under the Step 1 tab. After completion and rebooted your machine, launch Windows Repair (All In One) again.
• Once the GUI(graphical user interface) has loaded, click on the Step 5 tab >> Under 1. Regsitry Backup click on Backup
• When the above has been created, under the 2. System Restore setting click on the Create tab.
• Then after Restore point created at date/time is denoted >> click on the Repairs tab >> deselect Automatically do a registry backup if it is pre-selected >> Open Repairs
• Referring to the image below ensure the following are selected only(deselect/select to suit):-

• Now click on the Start Repairs tab and the repair process will begin. Do not use your machine for anything else until the repairs are completed.
• Upon completion your machine should automatically reboot, if it does not do so manually please.

Then:-

Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:

"C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs"

Click on OK >> a window named Logs will open. Right-click on the folder and select Send To >> Compressed (zipped) Folder

At the prompt click on Yes >> the zip file will be saved to your desktop. Attach the zip file in your next reply please.

Repair Avast Installation:

• Please click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features
• Click once on Avast Free Anti-Virus to highlight >> Uninstall >> and wait for the Avast Installation GUI(graphical user interface) to load.
• Once it has click on the Repair option >> Continue, upon completion click on Restart Computer.

Update FireFox:

• Launch the browser >> Help >> then click on About Firefox or Check for Updates...(whichever is denoted in your current version etc)
• Click on the Update Firefox tab when prompted to upgrade to v37.0.1.
• Restart Firefox when prompted.

[Dakeyras]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Dakeyras]

Topic re-opened per OP's request...

[mtnester]

Hi,

 

This series of instructions turned out to be more difficult than I thought due to the difference in program versions, but I believe I have completed the steps. I need to be able to attach files and screenshots, but IE will not cooperate at all, and Firefox, which I am using for this post does not want to allow me to use the More

Reply Options box, although I have had no trouble before this. (Upgrading to v. 37). After several attempts, however, I do see where I can access the quote box. I do not see the selection to upload files.

 

Truthfully, it seems my computer does not work as well as before I ran the Tweaking program.

 

 

Click on OK >> a window named Logs will open. Right-click on the folder and select Send To >> Compressed (zipped) Folder

At the prompt click on Yes >> the zip file will be saved to your desktop. Attach the zip file in your next reply please.

 

There is no file attachment selection to allow me to attach the requested zip file at this time. (Using Firefox)

 IE is totally nonfunctional. If I have IE open then open my document writer to record comments, I then can nothing else unless I use the Close button to exit IE. I will go to my other laptop and attempt to complete this post in a few minutes.

[mtnester]

Hi,

 

I thought I would make one more attempt on the DV7 at using IE to complete a response, and it seems to be working for the moment. Prior to my last post it wouldn't work at all. I opened IE and got a new tab It is supposed to start with the tabs from last time, which it was doing before Tweaking.

 

The screens for Tweaking.com are different in the newer version, and eventually I was able to find the various items for your instructions and perform them.

 

 

 

Click on OK >> a window named Logs will open. Right-click on the folder and select Send To >> Compressed (zipped) Folder

 

At the prompt click on Yes >> the zip file will be saved to your desktop. Attach the zip file in your next reply please.

 

 

It did take nearly an hour for the program to complete all the repair steps. The zip file follows:

 

 4.9.2015_11.22.32-PM.zip   4.91KB   170 downloads

 

 

I opened IE to respond to your post and got this:

 

 

IE opened but could not do anything with it.

When IE doesn't work, nothing else will work either. Could not close other windows showing below

 

 

 

can't open previous session. I can pull down the Tools menu on the side, but most items are grayed out.  I tried refreshing the page but that didn't work. IE finally closed after clicking the Close box a number of times. The next time I opened it there was a totally blank window showing only the search/address box and the bookmark toolbar. No command menu. No response to a right-click. I couldn't open the previous session. I could pull down the Tools menu on the side, but most items were grayed out. Now finally IE seems to be working again but I will have to go through History to locate the other tabs I had open previously.

 

 

Repair Avast Installation

 

Completed.

 

 

Update FireFox:

 

 

Completed.

 

 

 

Further instructions?

 

 

[Dakeyras]

Hi.

This series of instructions turned out to be more difficult than I thought due to the difference in program versions

Most unfortunate this occurrence as the instructions were up to date time of my post and in future if you encounter any problems again merely stop what you are doing and inform myself please.

I think the Firefox problem may be to do with the browser itself and how it interacts with the forum software, this was supposedly addressed. However we can check this out if the need again in due course.

Truthfully, it seems my computer does not work as well as before I ran the Tweaking program.

Fair play and a pity as the logs indicate all went well but obviously not, so we will undo that via invoking the registry backup then go from there.

Invoke a Registry Backup:

Launch Windows Repair (All In One)...

• Then click on the Step 5: Backup tab, under:-

1. Registry Backup
(Primary & Recommended)

• Click on the Restore button >> a window called Registry Backup should appear.
• Now click on the Restore Registry tab.
• Then click on the drop down button beside the Select backup to Restore box, to reveal the backups that are available.
• Select the backup from the date and time you created it(There may be two as JRT would have created one and do not select that one if present)
• Now click on the Restore Now button in the bottom left hand corner of the window.
• At the Restore Registry Now? prompt select Yes.
• Once the restoration is completed, Successful 17/17 Registry Files Restored(the number of files may vary) should be denoted.
• If you receive a prompt to reboot your machine do so and if not reboot manually.

Next:

Let myself know when completed the above and if it was successful or not and if your machine is now performing as it was before the windows repair, thank you.

[mtnester]

Dakeyras,

 

Registry restore accomplished with 11/11 files restored. Will check performance later tonight after my tax preparation appointment. It's that time of year in the US.

[Dakeyras]

Acknowledged.