[BeachBumBum]

Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015

Ran by Me at 2015-07-11 22:16:53 Run:1

Running from C:\Users\Me\Desktop

Loaded Profiles: Me (Available Profiles: Me)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

HKLM-x32\...\runonceex: [Flags] => 

HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: F - "F:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: {6073ecfa-09ed-11e0-b96c-806e6f6e6963} - "H:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: {789f252d-b893-11e1-95ae-d48564179193} - E:\Autorun.exe /s

HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

URLSearchHook: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File

URLSearchHook: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\.DEFAULT -> {2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E} URL = 

SearchScopes: HKU\.DEFAULT -> {33532E57-ED6E-4D55-A0B4-A91A2D3A7A46} URL = 

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File

Handler: viprotocol - No CLSID Value

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File

FF Plugin HKU\S-1-5-21-2418151325-680678365-4071922823-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Me\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKU\S-1-5-21-2418151325-680678365-4071922823-1001: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll No File

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\yubur1s0.default\Extensions\[email protected] [2015-04-30]

2015-06-07 03:00 - 2015-05-15 01:12 - 00000376 _____ C:\Windows\Tasks\REGSERVO.job

2015-06-02 16:24 - 2013-11-21 03:21 - 00000000 ____D C:\ProgramData\ProductData

2015-06-16 18:37 - 2012-06-30 14:58 - 00000000 ____D C:\Users\Me\AppData\Roaming\IObit

2015-06-16 18:37 - 2012-06-30 14:58 - 00000000 ____D C:\ProgramData\IObit

2015-06-09 19:39 - 2015-04-16 02:00 - 00002892 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me

2013-09-15 02:25 - 2014-06-04 15:11 - 0003710 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

2012-01-23 21:52 - 2012-01-23 21:52 - 0001854 _____ () C:\Users\Me\AppData\Roaming\GhostObjGAFix.xml

Task: {149159FA-6936-4264-924C-8489A5FE5627} - \ProPCCleaner_Start No Task File <==== ATTENTION

Task: {350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2} - System32\Tasks\Driver Booster SkipUAC (Me) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

Task: {A8E22EB9-48CE-4B28-BAD0-8A842C9A0529} - System32\Tasks\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 6\SecurityHole_Backup\KB2467173.exe" -d "C:\Program Files (x86)\IObit\Advanced SystemCare 6" -c /quiet /norestart

Task: {B11B24C1-AF41-494D-B010-04FD2CDF11E3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)

Task: {BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB} - System32\Tasks\{27BA5220-A105-426D-A5DB-D37B5A0B0E49} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2015-06-08] (IObit)

Task: {C664EE58-FD55-471E-A5B8-38FC4ACBBD3A} - System32\Tasks\DSite => C:\Users\Me\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {C731D637-78CF-4CF7-B14C-37204159A07D} - \Updater19962.exe No Task File <==== ATTENTION

Task: {E52EE3AC-CBBB-4062-B918-C2C860668405} - \Advanced System Protector No Task File <==== ATTENTION

Task: {E9C03BB7-2450-4EB6-AD37-CF3092352422} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

Task: {FFC41751-65C9-4A5C-B98F-7BA1F24E4A56} - System32\Tasks\Uninstaller_SkipUac_Me => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)

Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Classes\exefile:  <===== ATTENTION!

C:\Program Files (x86)\AVG SafeGuard toolbar

C:\PROGRA~2\SearchProtect

C:\Program Files (x86)\Common Files\AVG Secure Search

C:\Users\Me\AppData\Roaming\DSite

C:\Program Files\REGSERVO

C:\Program Files (x86)\PC Tools Firewall Plus

C:\Users\Me\AppData\Roaming\PCToolsFirewallPlus

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

Hosts:

EmptyTemp:

 

 

 

*****************

 

Restore point was successfully created.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\Flags => value removed successfully

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\Title => value removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6073ecfa-09ed-11e0-b96c-806e6f6e6963}" => key removed successfully

HKCR\CLSID\{6073ecfa-09ed-11e0-b96c-806e6f6e6963} => key not found. 

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{789f252d-b893-11e1-95ae-d48564179193}" => key removed successfully

HKCR\CLSID\{789f252d-b893-11e1-95ae-d48564179193} => key not found. 

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value removed successfully

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => value data removed successfully.

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Google" => key removed successfully

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => value removed successfully

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully

HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 

"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E}" => key removed successfully

HKCR\CLSID\{2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E} => key not found. 

"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33532E57-ED6E-4D55-A0B4-A91A2D3A7A46}" => key removed successfully

HKCR\CLSID\{33532E57-ED6E-4D55-A0B4-A91A2D3A7A46} => key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully

HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully

"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully

HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 

HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} => value removed successfully

HKCR\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612} => key not found. 

"HKCR\PROTOCOLS\Handler\viprotocol" => key removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => key removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully

C:\Users\Me\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\MozillaPlugins\eagleget.com/EagleGet64" => key removed successfully

C:\Program Files (x86)\EagleGet\npEagleget64.dll not found.

C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\yubur1s0.default\Extensions\[email protected] => moved successfully.

C:\Windows\Tasks\REGSERVO.job => moved successfully.

C:\ProgramData\ProductData => moved successfully.

C:\Users\Me\AppData\Roaming\IObit => moved successfully.

C:\ProgramData\IObit => moved successfully.

C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me => moved successfully.

C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully.

C:\Users\Me\AppData\Roaming\GhostObjGAFix.xml => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{149159FA-6936-4264-924C-8489A5FE5627}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149159FA-6936-4264-924C-8489A5FE5627}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2}" => key removed successfully

C:\Windows\System32\Tasks\Driver Booster SkipUAC (Me) => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Me)" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E22EB9-48CE-4B28-BAD0-8A842C9A0529}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E22EB9-48CE-4B28-BAD0-8A842C9A0529}" => key removed successfully

C:\Windows\System32\Tasks\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54} => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B11B24C1-AF41-494D-B010-04FD2CDF11E3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B11B24C1-AF41-494D-B010-04FD2CDF11E3}" => key removed successfully

C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB}" => key removed successfully

C:\Windows\System32\Tasks\{27BA5220-A105-426D-A5DB-D37B5A0B0E49} => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{27BA5220-A105-426D-A5DB-D37B5A0B0E49}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C664EE58-FD55-471E-A5B8-38FC4ACBBD3A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C664EE58-FD55-471E-A5B8-38FC4ACBBD3A}" => key removed successfully

C:\Windows\System32\Tasks\DSite => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C731D637-78CF-4CF7-B14C-37204159A07D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C731D637-78CF-4CF7-B14C-37204159A07D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater19962.exe" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E52EE3AC-CBBB-4062-B918-C2C860668405}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E52EE3AC-CBBB-4062-B918-C2C860668405}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9C03BB7-2450-4EB6-AD37-CF3092352422}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9C03BB7-2450-4EB6-AD37-CF3092352422}" => key removed successfully

C:\Windows\System32\Tasks\REGSERVO => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGSERVO" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFC41751-65C9-4A5C-B98F-7BA1F24E4A56}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC41751-65C9-4A5C-B98F-7BA1F24E4A56}" => key removed successfully

C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Me" => key removed successfully

C:\Windows\Tasks\REGSERVO.job not found.

"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully

"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Classes\exefile" => key removed successfully

"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Folder not found.

"C:\PROGRA~2\SearchProtect" => File/Folder not found.

"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.

"C:\Users\Me\AppData\Roaming\DSite" => File/Folder not found.

"C:\Program Files\REGSERVO" => File/Folder not found.

C:\Program Files (x86)\PC Tools Firewall Plus => moved successfully.

C:\Users\Me\AppData\Roaming\PCToolsFirewallPlus => moved successfully.

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

{D25C89D6-28BB-46E6-9F19-4B427E8A3E68} canceled.

1 out of 1 jobs canceled.

 

========= End of CMD: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

EmptyTemp: => 456 MB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 22:17:39 ====

[Advertisements]

Hi BeachBumBum

You did good with the FRST fix.

Here are the next steps for you.

Step1 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - Adwcleaner


Download AdwCleaner from here to the Desktop

• Close all open windows and browsers
• Double click the Adwcleaner icon to execute the program
• When the Tool opens for the first time accept the Terms of use
  
• Click the Scan button and wait for the program to finish.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
• Please copy/paste the generated log to your next reply.

Things for your next post:

• JRT.txt
• AdwCleaner[S*].txt
• How is your computer running now?
  
  Thanks

[Bruce1270]

Hi BeachBumBum

You did good with the FRST fix.

Here are the next steps for you.

Step1 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - Adwcleaner


Download AdwCleaner from here to the Desktop

• Close all open windows and browsers
• Double click the Adwcleaner icon to execute the program
• When the Tool opens for the first time accept the Terms of use
  
• Click the Scan button and wait for the program to finish.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
• Please copy/paste the generated log to your next reply.

Things for your next post:

• JRT.txt
• AdwCleaner[S*].txt
• How is your computer running now?
  
  Thanks

[BeachBumBum]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.4.5 (07.12.2015:1)

OS: Windows 7 Home Premium x64

Ran by Me on Sun 07/12/2015 at 12:59:49.46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully deleted: [Service] yahooauservice [Reboot required]

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271147}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update WiseEnhance

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util WiseEnhance

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec

Successfully deleted: [Folder] C:\ProgramData\sparktrust

Successfully deleted: [Folder] C:\Users\Me\appdata\local\tempdir

Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\pc-gizmos

Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\productdata

Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\sparktrust

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\searchplugins\safeguard-secure-search.xml

Successfully deleted the following from C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\prefs.js

 

user_pref(CT3298566.FirstTime, true);

user_pref(CT3298566.FirstTimeFF3, true);

user_pref(CT3298566.PG_ENABLE, dHJ1ZQ==);

user_pref(CT3298566.SF_JUST_INSTALLED.enc, RkFMU0U=);

user_pref(CT3298566.SF_STATUS.enc, RU5BQkxFRA==);

user_pref(CT3298566.TopHitsConfig.enc, ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zc

user_pref(CT3298566.UserID, UN27599149202583457);

user_pref(CT3298566.YTbyClickFavorites.enc, W10=);

user_pref(CT3298566.YTbyClickRecent.enc, W10=);

user_pref(CT3298566.addressBarTakeOverEnabledInHidden, true);

user_pref(CT3298566.browser.search.defaultthis.engineName, true);

user_pref(CT3298566.cbfirsttime.enc, U2F0IFNlcCAyOCAyMDEzIDIwOjMzOjMxIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp);

user_pref(CT3298566.countryCode, US);

user_pref(CT3298566.firstTimeDialogOpened, true);

user_pref(CT3298566.fixPageNotFoundErrorByUser, TRUE);

user_pref(CT3298566.fixPageNotFoundErrorInHidden, true);

user_pref(CT3298566.fullUserID, UN27599149202583457.XX.20130928203231);

user_pref(CT3298566.isCheckedStartAsHidden, true);

user_pref(CT3298566.isFirstTimeToolbarLoading, false);

user_pref(CT3298566.lastVersion, 10.19.2.505);

user_pref(CT3298566.mam_gk_appStateReportTime, %B7%B9%BF%BB%BF%BD%B9%BB%BC%B6%BA%B7%BE);

user_pref(CT3298566.mam_gk_appStateReportTime.enc, MTM5NTk3MzU2MDQxOA==);

user_pref(CT3298566.mam_gk_appState_ACplus.enc, b24=);

user_pref(CT3298566.mam_gk_appState_Clarity_Active, %F5%F4);

user_pref(CT3298566.mam_gk_appState_Clarity_Active.enc, b24=);

user_pref(CT3298566.mam_gk_appState_CouponBuddy.enc, b24=);

user_pref(CT3298566.mam_gk_appState_Discover.enc, b24=);

user_pref(CT3298566.mam_gk_appState_Easytobook.enc, b24=);

user_pref(CT3298566.mam_gk_appState_Easytobook_targeted.enc, b24=);

user_pref(CT3298566.mam_gk_appState_Find-a-Pro.enc, b24=);

user_pref(CT3298566.mam_gk_appState_PiclickV2-WebSearch.enc, b24=);

user_pref(CT3298566.mam_gk_appState_PriceGong.enc, b24=);

user_pref(CT3298566.mam_gk_appState_WindowShopper.enc, b24=);

user_pref(CT3298566.mam_gk_appsConfig.enc, eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY

user_pref(CT3298566.mam_gk_appsDefaultEnabled, %F4%FB%F2%F2);

user_pref(CT3298566.mam_gk_appsDefaultEnabled.enc, bnVsbA==);

user_pref(CT3298566.mam_gk_currentBadgeValue, %B7);

user_pref(CT3298566.mam_gk_currentBadgeValue.enc, MQ==);

user_pref(CT3298566.mam_gk_currentVersion, %B7%B4%B7%B9%B4%B6%B4%B7%BD);

user_pref(CT3298566.mam_gk_currentVersion.enc, MS4xMy4wLjE3);

user_pref(CT3298566.mam_gk_existingUsersRecoveryDone.enc, MQ==);

user_pref(CT3298566.mam_gk_first_time, %B7);

user_pref(CT3298566.mam_gk_first_time.enc, MQ==);

user_pref(CT3298566.mam_gk_installer_preapproved.enc, VFJVRQ==);

user_pref(CT3298566.mam_gk_lastLoginTime, %B7%B9%BF%BB%BF%BD%B9%BB%BC%B6%BE%BA%B8);

user_pref(CT3298566.mam_gk_lastLoginTime.enc, MTM5NTk3MzU2MDg0Mg==);

user_pref(CT3298566.mam_gk_localization.enc, eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXB

user_pref(CT3298566.mam_gk_newApps, %E1%E3);

user_pref(CT3298566.mam_gk_newApps.enc, W10=);

user_pref(CT3298566.mam_gk_new_welcome_experience.enc, MQ==);

user_pref(CT3298566.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);

user_pref(CT3298566.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo

user_pref(CT3298566.mam_gk_settings1.12.0.5, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%

user_pref(CT3298566.mam_gk_settings1.12.0.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAxMTkiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3Q

user_pref(CT3298566.mam_gk_settings1.13.0.17, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7

user_pref(CT3298566.mam_gk_settings1.13.0.17.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAzMjgiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsIlJUSy

user_pref(CT3298566.mam_gk_showWelcomeGadget, %EC%E7%F2%F9%EB);

user_pref(CT3298566.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);

user_pref(CT3298566.mam_gk_stamp, %B7%B6%BA%B9%E5%B6);

user_pref(CT3298566.mam_gk_stamp.enc, MTA0M18w);

user_pref(CT3298566.mam_gk_userBornDate, %D4%B5%C7);

user_pref(CT3298566.mam_gk_userBornDate.enc, Ti9B);

user_pref(CT3298566.mam_gk_userId, %EC%B7%BF%BA%B7%BA%B9%BF%B3%E8%BF%BF%E7%B3%BA%EB%BF%E8%B3%BE%EC%EC%B8%B3%EA%E7%BC%E7%BC%B8%EB%BC%EB%BE%EA%BE);

user_pref(CT3298566.mam_gk_userId.enc, ZjE5NDE0MzktYjk5YS00ZTliLThmZjItZGE2YTYyZTZlOGQ4);

user_pref(CT3298566.mam_gk_user_approval_interacted, %B7);

user_pref(CT3298566.mam_gk_user_approval_interacted.enc, MQ==);

user_pref(CT3298566.mam_gk_welcomeDialogMode, %B7);

user_pref(CT3298566.mam_gk_welcomeDialogMode.enc, MQ==);

user_pref(CT3298566.originalHomepage, chrome://branding/locale/browserconfig.properties);

user_pref(CT3298566.originalSearchEngine, Google);

user_pref(CT3298566.originalSearchEngineName, Google);

user_pref(CT3298566.price-gong.isManagedApp, true);

user_pref(CT3298566.revertSettingsEnabled, false);

user_pref(CT3298566.search.searchAppId, 130110228003246321);

user_pref(CT3298566.search.searchCount, 0);

user_pref(CT3298566.searchFromAddressBarEnabledByUser, false);

user_pref(CT3298566.searchInNewTabEnabledByUser, false);

user_pref(CT3298566.searchInNewTabEnabledInHidden, true);

user_pref(CT3298566.searchSuggestEnabledByUser, false);

user_pref(CT3298566.searchUserMode, 2);

user_pref(CT3298566.serviceLayer_services_Configuration_lastUpdate, 1395973661582);

user_pref(CT3298566.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1394489694658);

user_pref(CT3298566.serviceLayer_services_appsMetadata_lastUpdate, 1395973554274);

user_pref(CT3298566.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1394489694658);

user_pref(CT3298566.serviceLayer_services_login_10.19.2.505_lastUpdate, 1395973571261);

user_pref(CT3298566.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1394489694663);

user_pref(CT3298566.serviceLayer_services_searchAPI_lastUpdate, 1395973661480);

user_pref(CT3298566.serviceLayer_services_serviceMap_lastUpdate, 1395973661418);

user_pref(CT3298566.serviceLayer_services_setupAPI_lastUpdate, 1380414754244);

user_pref(CT3298566.serviceLayer_services_toolbarContextMenu_lastUpdate, 1394489694657);

user_pref(CT3298566.serviceLayer_services_toolbarSettings_lastUpdate, 1395973553159);

user_pref(CT3298566.serviceLayer_services_translation_lastUpdate, 1395973661519);

user_pref(CT3298566.settingsINI, true);

user_pref(CT3298566.showToolbarPermission, false);

user_pref(CT3298566.smartbar.CTID, CT3298566);

user_pref(CT3298566.smartbar.Uninstall, 0);

user_pref(CT3298566.smartbar.homepage, true);

user_pref(CT3298566.smartbar.isHidden, true);

user_pref(CT3298566.smartbar.toolbarName, MixiDJ V30 );

user_pref(CT3298566.toolbarBornServerTime, 28-8-2013);

user_pref(CT3298566.toolbarCurrentServerTime, 28-3-2014);

user_pref(CT3298566.toolbarLoginClientTime, Sat Sep 28 2013 20:32:34 GMT-0400 (Eastern Standard Time));

user_pref([email protected], true);

user_pref(extensions.iobitascsurfingprotection@iobit.com.install-event-fired, true);

user_pref(extensions.securespeeddial.amazonPromotionEnabled, false);

user_pref(extensions.xpiState, {\app-profile\:{\feedly@devhd\:{\d\:\C:\\\\Users\\\\Me\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\yubur1s0.default\\\\

user_pref(smartbar.defaultSearchOwnerCTID, CT3298566);

user_pref(smartbar.homePageOwnerCTID, CT3298566);

user_pref(smartbar.machineId, 8FY4UWJHBIPQCVTP9KAX2P5XGD5MAHECQ3LWUDLZ0IWVU6RJEB6LNAYDBOFZEJ8OPBQRCTP266CYOTBXA0BNIQ);

user_pref(startpage.ntsearch_url, hxxp://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms});

Emptied folder: C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\minidumps [1 files]

 

 

 

~~~ Chrome

 

 

[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[

  gjkpcnacdgdlpfejlgflolpaigoicibh,

  gkcefkcdkepgkpbgncjchhbjgoanleod,

  glmfgahfleepmdfffonfckpmkondpdkg,

  oilkkkefbalmbfppgjmgjoefbclebkce

]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 07/12/2015 at 13:04:43.45

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Okay getting ready to run the AdwCleaner now

[BeachBumBum]

I ran the AdwCleaner like you said, but it got stuck on "Waiting for action.  Please uncheck elements you want to keep".  Nothing showed up and the only buttons are:  CLEANING (Which has an X on it), LOGFILE and UNINSTALL.  What do I need to do?  BTW...I closed the browser while scanning before I posted this.  The SCAN button is grayed out.

Edited by BeachBumBum, 12 July 2015 - 11:24 AM.

[BeachBumBum]

Okay, I figured it out.  But I have one question.  Should I keep AdwCleaner and JRT on my computer to run every so often?  Will these help to keep my computer clean?  Also, do I need to change all my passwords that I've used since this problem?  Anyways...here's the report from AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 12/07/2015 at 15:57:38

# Updated 09/07/2015 by Xplode

# Database : 2015-07-11.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Me - ME-HP

# Running from : C:\Users\Me\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Driver Boost

Folder Deleted : C:\Program Files (x86)\DriverBoost

Folder Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen

File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg

File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage

File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

File Deleted : C:\Users\Me\AppData\Local\GDIPFONTCACHEV1.DAT

File Deleted : C:\Users\Me\AppData\Roaming\GDIPFONTCACHEV1.DAT

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\Myfree Codec

Key Deleted : HKCU\Software\usyndication.com

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\USyndication

Key Deleted : HKCU\Software\Define Ext

Key Deleted : HKCU\Software\Appscion

Key Deleted : HKCU\Software\AppDataLow\Software\Slick Savings

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\FlvPlayer

Key Deleted : HKLM\SOFTWARE\Myfree Codec

Key Deleted : HKLM\SOFTWARE\SP Global

Key Deleted : HKLM\SOFTWARE\SProtector

Key Deleted : HKLM\SOFTWARE\Define Ext

Key Deleted : HKU\.DEFAULT\Software\IObit Apps

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;localhost

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17840

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

 

-\\ Mozilla Firefox v38.0.1 (x86 en-US)

 

 

-\\ Google Chrome v43.0.2357.132

 

[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN49909181213039174&ctid=CT3277370&UM=2

[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyEtCyBzytCzytA0B0B0F0DtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StB0AtCzz0AyD0AtAtG0AtC0F0EtGyBtAzy0EtGzytDzyyEtGtD0ByDtB0EzzyBzytCtDzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0EtD0B0FtA0BzytGyDyC0B0EtGyE0Bzz0CtGzzyD0CyCtGtDyEyDzyyB0CyCtD0B0BtDyB2Q&cr=1177079610&ir=

[C:\Users\TEMP.Me-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\TEMP.Me-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [7603 bytes] - [12/07/2015 13:13:12]

AdwCleaner[S0].txt - [6947 bytes] - [12/07/2015 15:57:38]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7006  bytes] ##########

Edited by BeachBumBum, 12 July 2015 - 02:04 PM.

[Bruce1270]

Hi BeachBumBum

Things are taking shape. . At the end of the cleaning process I will give you some advice on what programs to run and some prevention tips. In your next post don't forget to tell me how the computer is running now.

Here are the next steps for you.

Step1 - Malwarebytes scan

I see you already have Malwarebytes installed.

• Launch Malwarebytes Anti-Malware
• In Database version section, click Update Now
• Once the update is done, click Settings>Detection and Protection
• Make sure that all three boxes under Detection Options are checked
  
• Go back to Dashboard and click the green Scan Now button.
• If threats are detected click on Apply actions, the program will ask to reboot the machine.
  
• Click Yes.
• On completion of the scan (or after the reboot) select View Detailed Log
• Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
• Copy and Paste the contents of the log in your next reply.
  
  
  Step2 - ESET on line scan
  
  
  Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  
  Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  
  
• Please go here then click on .
• You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  
  All of the following instructions work with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on Start.
• When prompted allow Add-On/Active X to install.
• Make sure Enable detection of potentially unwanted applications is selected.
• Click the Advanced Settings link.
• Make sure Remove found threats is NOT checked.
• Make sure Scan archives IS checked.
• Make sure Scan for potentially unsafe applications IS checked.
• Make sure Enable Anti-Stealth technology IS checked
  
  
  
• Now click on Start.
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Now click on Finish.
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.
  Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  
  Things for your next post:
• MBAM log
• ESET log
• How does your computer seem to be now?
  
  Thanks

[BeachBumBum]

I already had MBAM on my computer.  Here is the scan results, and I asked you a question on my last post regarding what I should have on my computer to run scans with, ie. AdwCleaner, JRT, etc.  And my computer has been running okay since I finally got it restored to a previous point but was sure there was still Maleware on it.  I downloaded the Eset from Chrome and ran it.  I don't know if I did it right or not.

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/12/2015

Scan Time: 10:53:46 PM

Logfile: MBAM log.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.07.12.04

Rootkit Database: v2015.07.10.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Me

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 447725

Time Elapsed: 14 min, 7 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

 

(end)

________________________________________________

 

C:\FRST\Quarantine\C\ProgramData\IObit\ASCDownloader\ASC8\Driver Booster 2.exe a variant of Win32/OpenCandy.C potentially unsafe application

 

[Essexboy]

Bruce is away for a few days so I will finish off
 

Should I keep AdwCleaner and JRT on my computer to run every so often

As these programmes are continuously updated then just download and use as required
 

Also, do I need to change all my passwords that I've used since this problem?

There were no indications of a key logger so you should be OK

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

[BeachBumBum]

Essexboy, thank you for following up with Bruce.  I have a few questions before we close this thread, if that's okay with you.  First, I ran Delfix and then tried to find Java in my Control Panel but could not locate it.  I can't locate it in Chrome and haven't tried going directly to IE yet.  I haven't used IE or FireFox for a very long time, because I only use Chrome, so not sure how to find it in those browsers.  If you could please walk me through finding Java in control panel and disabling it for all browsers, I would appreciate it.  If you don't know already, I am using Win7.  I already have MBAM but do you think I need to uninstall and download from the site you recommended?  I have been using it for a very, very long time.  One last question (I promise...   )....I believe it was Bruce (but not sure, it could have been another moderator from a different thread) who told me to uninstall my PC Tools Firewall because it was discontinued.  He said that Windows Firewall is sufficient.   What is your take on that?  Should I continue to use Win Firewall or install a third party firewall with my avast!?  Just want to make sure I am using the right combination to keep my computer safe.  And thanks so much for yours and Bruce's help!!    

[Essexboy]

Java was showing as installed in your control panel : Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

In this case as you do not use it, then rather than search for it run Javara to remove all Java elements

I already have MBAM but do you think I need to uninstall and download from the site you recommended? I have been using it for a very, very long time

No I forgot to remove that instruction from my list
 

I believe it was Bruce (but not sure, it could have been another moderator from a different thread) who told me to uninstall my PC Tools Firewall because it was discontinued.  He said that Windows Firewall is sufficient.   What is your take on that?

The firewall with windows 7 is more than sufficient for normal usage
 
You can set Avast to stop PUP's (Potentially Unwanted Programmes) installing
 
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "

[BeachBumBum]

I went to Cnet to download JavaRa but can't figure out how to use it.  It wanted me to update to a newer version, and now I have two versions and still can't figure out how to use them.

I want to put a screenshot on here, but don't know how to do it.  I googled how to do a print screen then tried using the sniping tool, and also the PrntScrn button, but they won't let me copy and paste here.  OMG I'm so computer illiterate!!  I thought I knew a FEW things, but dang it, I guess I need a nanny..ha.  I'm so sorry I'm taking up so much of your time.  You and Bruce have been so patient with me.  If you could just tell me how to do a screen print and paste it here, I can show you what I mean.  Thanks again.  

[BeachBumBum]

Okay so I found out how to use Photobucket to paste a screenshot.  If there's another simpler way, please let me know.  Thanks

 

Edited by BeachBumBum, 15 July 2015 - 02:46 PM.

[Essexboy]

Click the remove java runtime button and follow the prompts



Press Run uninstaller

[BeachBumBum]

Okay did that.  It kept asking me if I wanted to get the latest version again, though.  But I just ignored it, and continued.  Was using Photobucket the best and fastest way to do a screenshot?  It wasn't fast for me.  Took me a long time to do it.  If there were a faster way, I would love to know.

 

Anyways, thank you so very much for all your help.  And I guess I am done with everything.  You and Bruce have been so sweet and patient to help me.  God bless you both and have a wonderful day.  

[Essexboy]

You can use the windows snipping tool

http://www.7tutorial...e-snipping-tool