
My computer is infected


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Reinstall it,
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

  • 0



#17
BrendanV

    Member

  • Topic Starter
  • 18 posts

I checked my Programs list and it said something along the lines of "Something went wrong when uninstalling Malwarebytes, would you like to remove it from your Programs list?"


  • 0

#18
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Go ahead and remove it, then reinstall it, see my post #16 for doing that.

Joe
  • 0

#19
BrendanV

    Member

  • Topic Starter
  • 18 posts

Ok, sorry for taking so long but I think this is what you were talking about right?

Attached Files


  • 0

#20
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2015
Scan Time: 9:12:31 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.04.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Brendan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396559
Time Elapsed: 32 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe, 3844, , [246e7fe9d3b7ca6c8fa2201c30d2fe02]

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [8e04c6a2a3e7bc7a85762215ff0413ed],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [8e04c6a2a3e7bc7a85762215ff0413ed],
PUP.Optional.QuickRef.A, HKLM\SOFTWARE\WOW6432NODE\QuickRef_1.10.0.9, , [a6ec1256e0aa70c6b67979497c872ad6],
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\WOW6432NODE\LOCALTEMP, , [157d61074941ca6c26db7942ca39a957],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [c1d1ee7acebc4fe7bef99daf51b47789],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [3d55a5c3deac6ec8752f10c8b74c1de3],
PUP.Optional.Salus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwiynzm4ndy1yjz, , [a9e988e07f0bb97d73196460d82b4db3],
PUP.Optional.QuickRef.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qrnfd_1_10_0_9, , [365c48204e3c87afc46e6062927133cd],
PUP.Optional.Nosibay.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Nosibay, , [048e87e14f3ba69024fcfbd06d9611ef],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, , [ddb5d395d7b364d28eaa973a09fa39c7],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [2e642a3e127863d3c6dfd367669f936d],
PUP.Optional.WindApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\STORE\WindApp Tag, , [137f95d335555fd7f3521ca1a75c58a8],
PUP.Optional.SelectionTool.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WTOOLS\Selection Tools Tag, , [fa98d2966624a98d4fc803c0bf442ed2],

Registry Values: 3
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\WOW6432NODE\LOCALTEMP|GUID, CE3A2868-5A71-468D-AE9F-1354CF642F2F, , [157d61074941ca6c26db7942ca39a957]
PUP.Optional.WindApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WindApp, "C:\Users\Brendan\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup, , [6a28d4946129b185868d2c97ea1935cb]
PUP.Optional.SelectionTools.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Selection Tools, "C:\Users\Brendan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup, , [9bf7b5b34f3bf2443980c7ff46bdbc44]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Nosibay.A, C:\Users\Brendan\AppData\Roaming\Nosibay, , [cdc52e3a305a2115072c6145cd36a15f],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, , [f0a2f474aae01b1b87060ea24eb506fa],

Files: 19
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe, , [246e7fe9d3b7ca6c8fa2201c30d2fe02],
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{3a0c3e94-ebf8-9e2d-3a0c-c3e94ebffa53}\civilization 4 game.exe, , [f69c94d40783e254f43d102c56ac08f8],
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\BDL.dll, , [4949ce9ad6b41125dd36f9400bf77789],
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\VCL.dll, , [a6ec2840bcce1b1bbccdda61ac56e818],
PUP.Optional.OutBrowse, C:\Users\Brendan\Downloads\3DS_Emulator.exe, , [c7cbbeaa17734ceaeb388bb01ce621df],
PUP.Optional.AdobeExtendedPlugin.C, C:\Users\Brendan\Downloads\Sid Meies Civilization IV Full Download For PC.exe, , [d8bae583bdcd2d09c869b686f70b2ed2],
PUP.Optional.VCL.A, C:\Windows\System32\VCLOff.ini, , [ace6293ff5952f07a28612a4857ee41c],
PUP.Optional.VCL.A, C:\Windows\SysWOW64\VCLOff.ini, , [81115711602ad1656dbb8135966db34d],
PUP.Optional.BasementDuster.A, C:\Windows\System32\BasementDusterOff.ini, , [7e140068543685b13e238f28c63d6a96],
PUP.Optional.BasementDuster.A, C:\Windows\SysWOW64\BasementDusterOff.ini, , [8a0889df3753d1657ee30ea9659e3bc5],
PUP.Optional.Trovi.A, C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml, , [246e4622127871c55bac32871be8649c],
PUP.Optional.SelectionTools.A, C:\Users\Brendan\AppData\Roaming\Selection Tools.installation.log, , [454df276d9b184b2f76e388a956ef40c],
PUP.Optional.Bubbledock.A, C:\Users\Brendan\AppData\Roaming\Bubble Dock.boostrap.log, , [0b8770f83b4f1c1a3197a622ec17e41c],
PUP.Optional.Bubbledock.A, C:\Users\Brendan\AppData\Roaming\Bubble Dock.installation.log, , [cec4bcac0a80d2644682e2e607fcf10f],
PUP.Optional.WindApp.A, C:\Users\Brendan\AppData\Roaming\WindApp.boostrap.log, , [0092e4840a8091a526a33890ec178779],
PUP.Optional.WindApp.A, C:\Users\Brendan\AppData\Roaming\WindApp.installation.log, , [157dc1a74743b482c306ad1b09faae52],
PUP.Optional.MindSpark.A, C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage, , [6f23f672474381b56d2c44b259aabc44],
PUP.Optional.MindSpark.A, C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage-journal, , [a5ed2f39c0ca3df9fa9f32c4f90a966a],
PUP.Optional.Trovi.A, C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com...=031715&SSPV=");), ,[ade55d0b1b6ff145602ed3635aac30d0]

Physical Sectors: 0
(No malicious items detected)


(end)


It does not look like you quarantined anything;

Make sure you have done that,
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

  • 0
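The check made in post #20, as an added example that is not part of the original posts and is not Malwarebytes' own code: every detection line in the log above has an empty field just before the bracketed identifier, so this Python code treats that field as the action column (an assumption) and lists detections with no action recorded, plus sections whose declared count does not match the pasted rows. The sample log and the names `parse_log` and `review` are constructed for the example.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "section name target action")

# Section headers as they appear in the log, e.g. "Registry Keys: 13".
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# Tail of a detection line: ", <action>, [<32 hex digits>]" with an optional
# trailing comma. Reading the field before the bracket as the action taken is
# an assumption based on that field being empty throughout the log above.
TAIL_RE = re.compile(
    r",\s*(?P<action>[^,\[\]]*),\s*\[(?P<ident>[0-9a-fA-F]{32})\]\s*,?\s*$")


def parse_log(text):
    """Return {section: {"declared": int, "rows": [Detection, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)), "rows": []}
            continue
        tail = TAIL_RE.search(line) if current else None
        if tail:
            # Split from the left only once: targets and data may hold commas.
            name, _, target = line[:tail.start()].partition(", ")
            sections[current]["rows"].append(
                Detection(current, name, target, tail.group("action").strip()))
    return sections


def review(text):
    """Return (detections with no action recorded, sections with a row mismatch)."""
    sections = parse_log(text)
    no_action = [d for info in sections.values() for d in info["rows"]
                 if not d.action]
    mismatched = [name for name, info in sections.items()
                  if info["declared"] != len(info["rows"])]
    return no_action, mismatched


# Constructed sample in the same layout as the log above (not real detections).
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Objects Scanned: 1200

Processes: 1
PUP.Optional.Example.A, C:\ProgramData\example\app.exe, 4242, , [0123456789abcdef0123456789abcdef]

Modules: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Example.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Example, "C:\Users\user\AppData\Roaming\Example\Example.exe" /winstartup, Quarantined, [0123456789abcdef0123456789abcde0]

Files: 3
PUP.Optional.Example.A, C:\Users\user\Downloads\setup.exe, Quarantined, [0123456789abcdef0123456789abcde1],
PUP.Optional.Example.B, C:\Users\user\AppData\Roaming\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://example.invalid/?a=1,b=2");), ,[0123456789abcdef0123456789abcde2]

(end)
"""

if __name__ == "__main__":
    pending, mismatched = review(SAMPLE_LOG)
    for d in pending:
        print("no action recorded: [%s] %s -> %s" % (d.section, d.name, d.target))
    for name in mismatched:
        print("section %r: row count differs from the declared count" % name)
```

A section whose row count differs from its declared count usually means the paste was cut short, so the log should be exported again before anyone reads conclusions from it.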

#21
BrendanV

    Member

  • Topic Starter
  • 18 posts

Ok here it is.

Attached Files


  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Awesome !! I love to see the stuff go away :)

Here comes a fix, remember Copy, paste, run fix, post log.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...&D=040315&SSPV=
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3} URL =
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M15D18B3C-B481-47C6-8CAF-1827BC06D7D7&SearchSource=55&CUI=&UM=8&UP=SP72707F87-9D5F-4DE3-958B-41D6F16D8D40&D=031715&SSPV=
FF NewTab: about:newtab
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml [2015-04-03]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
R1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
2015-03-16 23:13 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\3b347388000055a1
2015-03-16 22:15 - 2015-03-16 23:12 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\BitTorrent
2015-03-16 19:41 - 2015-03-16 19:41 - 00003270 _____ () C:\windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl
2015-03-16 19:41 - 2015-03-16 19:41 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl
2015-03-16 18:10 - 2015-03-16 18:53 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-16 18:08 - 2015-03-16 18:11 - 00000000 ____D () C:\Users\Brendan\Documents\ProPCCleaner
2015-03-16 18:08 - 2015-03-16 18:08 - 00003196 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-03-16 18:08 - 2015-03-16 18:08 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Pro_PC_Cleaner
2015-03-16 21:51 - 2014-08-21 23:11 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
C:\Users\Torin\AppData\Local\Temp\oct1F35.tmp.exe
C:\Users\Torin\AppData\Local\Temp\oct9D77.tmp.exe
Task: {0215C75D-25FF-4855-B8B2-85D8BA044F77} - System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl => C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe [2015-03-15] () <==== ATTENTION
C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe
Task: {57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A} - System32\Tasks\SBWUpdateTask_Time_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
C:\Program Files\Common Files\SpeedBit
Task: {83B3623B-BC7F-49E7-BD77-D7D0442FBB88} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
Task: {C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3} - \GPUP No Task File <==== ATTENTION
Task: {D80F0111-0C24-4936-9FFA-9CA913594EDA} - System32\Tasks\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: {FDD312D7-29C4-4478-AB2A-06581E81D97D} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Brendan\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.
  • 0

#23
BrendanV

    Member

  • Topic Starter
  • 18 posts

Ok here's the Fixlog

Attached Files


  • 0

#24
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Looking good !!

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)


  • 0

#25
BrendanV

    Member

  • Topic Starter
  • 18 posts

Ok here's the log.

 

# AdwCleaner v4.200 - Logfile created 03/04/2015 at 22:43:30
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Brendan - JARVIS
# Running from : C:\Users\Brendan\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Innovative Solutions
Folder Deleted : C:\ProgramData\5aa2d5ae000008fe
Folder Deleted : C:\ProgramData\a2022b38000075bc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\Salus
Folder Deleted : C:\Program Files (x86)\PrivateVPN
Folder Deleted : C:\Program Files (x86)\Innovative Solutions
Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
Folder Deleted : C:\Users\Brendan\AppData\Local\Innovative Solutions
Folder Deleted : C:\Users\Brendan\AppData\Local\StormFall
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Store
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Brendan\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Brendan\AppData\Roaming\WTools
Folder Deleted : C:\Users\Brendan\AppData\Roaming\StormFall
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected]
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected]
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected]
File Deleted : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : PC-Mechanic Maintenance
Task Deleted : PC-Mechanic Startup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\5c83d913-733a-5001-79ba-92a659287141
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\gameo
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\StormWatchApp
Key Deleted : HKLM\SOFTWARE\Salus
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Salus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[mc4mmp7v.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi");
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R1].txt - [21222 bytes] - [03/04/2015 22:41:10]
AdwCleaner[S1].txt - [5923 bytes] - [03/04/2015 22:43:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5982  bytes] ##########

  • 0



#26
BrendanV

    Member

  • Topic Starter
  • 18 posts

Here's the other one.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by Brendan on Fri 04/03/2015 at 22:51:35.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Brendan\AppData\Roaming\mozilla\firefox\profiles\mc4mmp7v.default\prefs.js
 
user_pref("extensions.2OGSnlAEEOB0CD42.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjs4qTn9qjCEpjU8rHr9pjnHpdk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.2OGSnlAEEOB0CD42.url", "hxxp://sunveteranbox.info/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdU9tMqLDe49CNU0llrMCMlNhd9FqjaHrjCEqdk8rjnMBzqUojw8rdrFqHa8rjCFrSh7hf
user_pref("extensions.Xh4esa1DqHUq4M71.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjs4qTn9qjCEpjU8rHr9pjnHpdk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.Xh4esa1DqHUq4M71.url", "hxxp://toolkitstyle.us/sync2/?q=hfZ9ofV9CShEAen0rTaHrTaMg708BNmGWj8lkGhGheDUojw8rdrFqHaHqdwFrchIC7n0rjkErHw6rdnGrjw5tNhVCT94tMVKh
user_pref("extensions.kTZpZSjKs0bBofKo.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjs4qTn9qjCEpjU8rHr9pjnHpdk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.xiBnKumjTM5eMbWc.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjs4qTn9qjCEpjU8rHr9pjnHpdk\")>-1){return;}}catch(e){}try{var d=[[\"tria
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/03/2015 at 22:56:10.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0
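The logs above show three kinds of tampering in the Firefox profile's prefs.js: a rewritten `browser.startup.homepage`, a rewritten `browser.search.selectedEngine`, and injected `extensions.<16 characters>.scode` / `.url` entries holding script source. As an added example (not part of the original posts and not JRT's or AdwCleaner's own logic), this Python code parses `user_pref` lines and flags those three patterns. The sample file, the `EXPECTED` values, the `example.helper.snippet` pref and the function names are constructed assumptions.

```python
import json
import re

# One pref per line: user_pref("name", <JSON-like value>);
PREF_RE = re.compile(
    r'^user_pref\("(?P<name>(?:[^"\\]|\\.)*)",\s*(?P<value>.*)\);\s*$')
# Shape shared by the injected names in the JRT log above:
# extensions.<16 alphanumerics>.scode or .url
INJECTED_NAME_RE = re.compile(r"^extensions\.[A-Za-z0-9]{16}\.(scode|url)$")


def parse_prefs(text):
    """Return {pref name: decoded value}; comments and blank lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("value").strip()
        try:
            # Strings, numbers and booleans in prefs.js decode as JSON.
            prefs[m.group("name")] = json.loads(raw)
        except ValueError:
            prefs[m.group("name")] = raw  # keep undecodable values verbatim
    return prefs


def audit_prefs(text, expected):
    """expected maps a pref name to the values its owner considers normal."""
    findings = []
    for name, value in parse_prefs(text).items():
        if INJECTED_NAME_RE.match(name):
            findings.append((name, "random-named extension pref"))
        elif isinstance(value, str) and "(function(" in value:
            findings.append((name, "script source stored as a pref value"))
        elif name in expected and value not in expected[name]:
            findings.append((name, "unexpected value %r" % (value,)))
    return findings


# Constructed sample; hosts and values are placeholders, not from the logs.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1428100000);
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.search.selectedEngine", "ExampleSearch");
user_pref("browser.startup.homepage", "http://search.example.invalid/?SearchSource=55");
user_pref("extensions.AAAAbbbbCCCC1234.scode", "(function(){try{var d=[[\"x\"]];}catch(e){}})();");
user_pref("extensions.AAAAbbbbCCCC1234.url", "http://sync.example.invalid/sync2/?q=abc");
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("example.helper.snippet", "(function(){return 1;})()");
'''

# Hypothetical baseline for this profile; adjust to what the owner actually set.
EXPECTED = {
    "browser.startup.homepage": ("about:home",),
    "browser.search.selectedEngine": ("Google",),
}

if __name__ == "__main__":
    for name, reason in audit_prefs(SAMPLE_PREFS, EXPECTED):
        print("%s: %s" % (name, reason))
```

Firefox rewrites prefs.js on exit, so run a check like this against a copy of the file taken while the browser is closed.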

#27
BrendanV

    Member

  • Topic Starter
  • 18 posts

What's next?


  • 0

#28
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Malware has changed Chrome to a different build, you will need to reinstall Chrome;
Windows Vista/ Windows 7/ Windows 8

Uninstall / reinstall Chrome

1. Close all Chrome windows and tabs.
2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
3. Click Programs and Features.
4. Double-click Google Chrome.
5. Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

If you have Bookmarks that you want to save, you want to do that first.
Export / Import Bookmarks. https://support.goog...wer/96816?hl=en
Then reinstall Chrome from here --> http://www.google.com/chrome/

I would also reset Firefox;
How to reset Firefox:
  • Click the menu button and then click Help.
  • From the Help menu choose Troubleshooting Information. ...
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
Let me know how things are after this.

Thanks
Joe
  • 0

#29
BrendanV

    Member

  • Topic Starter
  • 18 posts

Ok I did that and it seems to have worked. Thank you. I really appreciate the help.


  • 0

#30
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
If there are no further issues, let's remove all the tools and log files,

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0





