Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE11 hijack [Closed]

Started by JayPlayer , May 06 2016 09:14 AM

  • This topic is locked This topic is locked

#1
JayPlayer
Posted 06 May 2016 - 09:14 AM

JayPlayer

    Member

  • Member
  • PipPip
  • 23 posts

Clicked instagram acct reset link (malware). IE11 & chrome open randomly, consistently to my homepage and cleaning out history/temp folders did nothing.

Attached Files


  • 0

Advertisements

#2
Essexboy
Posted 06 May 2016 - 10:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you saying that IE and Chrome open all by themselves with no input from you

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-3117627532-974020511-1547892993-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp01_14_28_ie&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0A0EtB0AzytB0B0DtAtBtN0D0Tzu0SzytByEtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0BtD0CtD0F0A0CtG0CzyyBtBtGyB0B0C0BtGtDzy0FtCtGyCzz0C0AtDtC0A0AtAyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyBzztBtA0ByDtGyE0C0EyEtGtAtDyEyEtG0A0EtByEtGtC0F0FyBtA0B0AtAtB0FyCzy2Q&cr=1405243333&ir=
SearchScopes: HKU\S-1-5-21-3117627532-974020511-1547892993-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp01_14_28_ie&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0A0EtB0AzytB0B0DtAtBtN0D0Tzu0SzytByEtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0BtD0CtD0F0A0CtG0CzyyBtBtGyB0B0C0BtGtDzy0FtCtGyCzz0C0AtDtC0A0AtAyEyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyBzztBtA0ByDtGyE0C0EyEtGtAtDyEyEtG0A0EtByEtGtC0F0FyBtA0B0AtAtB0FyCzy2Q&cr=1405243333&ir=
Toolbar: HKU\S-1-5-21-3117627532-974020511-1547892993-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-3117627532-974020511-1547892993-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-3117627532-974020511-1547892993-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF user.js: detected! => C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\user.js [2014-07-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-04-24]
FF Extension: Search Manager for Mozilla Firefox - C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\Extensions\{5ccf2762-2b66-4dd5-9997-1103d12d3125}.xpi [2014-12-31] [not signed]
2016-02-08 08:15 - 2016-02-08 08:15 - 0000000 _____ () C:\Users\J. Albert Yanez\AppData\Local\{E6C23289-6FE0-4BFC-80C5-3549CA38429D}
Task: {0B78FD39-DA61-41E1-A872-6E8B2C35A7B3} - \ProgramUpdateCheck -> No File <==== ATTENTION
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI25522
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
JayPlayer
Posted 06 May 2016 - 12:01 PM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Yes, IE and Chrome open all by themselves with no input from me. And when I type on the keyboard it'll also open another IE. Thank you for posting by the way, I'm going to try the fixes now...Jay

 


  • 0

#4
JayPlayer
Posted 07 May 2016 - 01:40 AM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 03:24:35
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : J. Albert Yanez - LIGHTINGELSTORE
# Running from : C:\Users\J. Albert Yanez\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService
[-] Service Deleted : vToolbarUpdater19.4.0

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0516tb
[#] Folder Deleted : C:\ProgramData\Application Data\AVG SafeGuard toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0215tb
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0516tb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\JustCloud
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Windows\Installer\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
[-] Folder Deleted : C:\Users\J. Albert Yanez\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\J. Albert Yanez\AppData\Local\FileTypeAssistant
[-] Folder Deleted : C:\Users\J. Albert Yanez\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\J. Albert Yanez\Documents\Add-in Express

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchApp

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Key Deleted : HKCU\Software\Define Ext
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Freecause
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\prefs.js] Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[-] [C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[-] [C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\prefs.js] Deleted : user_pref("iminent.version", "7.33.3.1");
[-] [C:\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\prefs.js] Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.33.3.1\",\"InstallEventCTime\":1376589709748,\"InstallEvent\":\"True\"}");
[-] [C:\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
[-] [C:\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bakijjialdiiboeaknfpmflphhmljfkd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [31459 bytes] - [07/05/2016 03:24:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [30942 bytes] - [07/05/2016 03:22:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [31607 bytes] ##########


  • 0

#5
JayPlayer
Posted 07 May 2016 - 02:01 AM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I was answering an email just now and IE11 opened by itself in a separate tab!

It took (3) separate attempts at typing to post this as it also would switch from this posting to a new IE11 and going back would delete my post.

I’m typing in word right now and again it switched to another IE11 but at least it didn’t delete my typing.

Help! I will donate for sure…Jay

P.S. Window #4 just opened…


  • 0

#6
Essexboy
Posted 07 May 2016 - 08:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if there are any hidden services next

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#7
JayPlayer
Posted 07 May 2016 - 11:11 AM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

ComboFix 16-04-29.01 - J. Albert Yanez 05/07/2016 8:01:43.9.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5090 [GMT -4:00]

Running from: C:\Users\J. Albert Yanez\Desktop\ComboFix.exe

AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}

FW: AVG Internet Security *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}

SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

C:\Users\J. Albert Yanez\AppData\Local\assembly\tmp

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_ctypes.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_elementtree.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_hashlib.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_multiprocessing.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_psutil_windows.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_socket.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_ssl.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_yappi.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\common.time34.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\hashobjs_ext.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pyexpat.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pysqlite2._sqlite.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\python27.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pythoncom27.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\PyWinTypes27.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\select.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\thumbnails_ext.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\unicodedata.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\usb_ext.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32api.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32com.shell.shell.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32crypt.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32event.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32file.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32gui.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32inet.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32pdh.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32pipe.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32process.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32profile.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32security.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32ts.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\windows._lib_cacheinvalidation.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._animate.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._controls_.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._core_.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._gdi_.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._html2.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._misc_.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._windows_.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._wizard.pyd

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxbase30u_net_vc90.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxbase30u_vc90.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_adv_vc90.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_core_vc90.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_html_vc90.dll

C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_webview_vc90.dll

C:\Users\J. Albert Yanez\Documents\~WRD2559.tmp

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_ctypes.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_elementtree.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_hashlib.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_multiprocessing.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_psutil_windows.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_socket.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_ssl.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_yappi.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\common.time34.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\hashobjs_ext.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pyexpat.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pysqlite2._sqlite.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\python27.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pythoncom27.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\PyWinTypes27.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\select.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\thumbnails_ext.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\unicodedata.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\usb_ext.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32api.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32com.shell.shell.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32crypt.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32event.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32file.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32gui.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32inet.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32pdh.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32pipe.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32process.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32profile.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32security.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32ts.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\windows._lib_cacheinvalidation.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._animate.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._controls_.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._core_.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._gdi_.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._html2.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._misc_.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._windows_.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._wizard.pyd

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxbase30u_net_vc90.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxbase30u_vc90.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_adv_vc90.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_core_vc90.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_html_vc90.dll

C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_webview_vc90.dll

C:\Windows\SysWow64\DEBUG.log

 

((((((((((((((((((((((((( Files Created from 2016-04-07 to 2016-05-07 )))))))))))))))))))))))))))))))

 

2016-05-07 12:43:48 . 2016-05-07 12:43:48 -------- d-----w- C:\Users\Default\AppData\Local\temp

2016-05-07 07:22:30 . 2016-05-07 07:24:35 -------- d-----w- C:\AdwCleaner

2016-05-06 18:18:17 . 2016-05-06 18:18:17 -------- d--h--w- C:\OneDriveTemp

2016-05-06 14:41:54 . 2016-05-06 15:42:27 -------- d-----w- C:\Users\J. Albert Yanez\AppData\Local\WinZip

2016-05-06 14:41:43 . 2016-05-06 14:41:50 -------- d-----w- C:\Program Files\WinZip

2016-05-06 14:40:57 . 2016-05-06 14:40:57 -------- d-----w- C:\ProgramData\UniqueId

2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC638.tmp

2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC637.tmp

2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC636.tmp

2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8265.tmp

2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8264.tmp

2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8254.tmp

2016-04-25 11:28:20 . 2016-05-07 11:57:52 192216 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys

2016-04-25 11:27:49 . 2016-04-26 12:48:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-04-25 11:27:49 . 2016-03-10 18:09:06 64896 ----a-w- C:\Windows\system32\drivers\mwac.sys

2016-04-25 11:27:49 . 2016-03-10 18:08:58 140672 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys

2016-04-24 21:33:56 . 2016-04-24 21:33:56 211152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2016-04-24 21:33:42 . 2016-04-24 21:33:42 368920 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE

2016-04-24 21:33:42 . 2016-04-24 21:33:42 25344 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll

2016-04-20 18:17:48 . 2016-04-20 18:17:48 307456 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys

2016-04-18 13:04:22 . 2016-04-18 13:04:22 71936 ----a-w- C:\Windows\system32\drivers\avguniva.sys

2016-04-14 14:54:20 . 2016-04-14 14:54:20 51968 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys

2016-04-14 10:03:53 . 2016-04-14 10:04:47 -------- dc----w- C:\Users\J. Albert Yanez\AppData\Local\MigWiz

2016-04-12 21:15:55 . 2016-03-11 18:57:00 2048 ----a-w- C:\Windows\system32\tzres.dll

2016-04-11 20:15:04 . 2016-05-07 13:06:47 -------- d-----r- C:\Users\J. Albert Yanez\OneDrive

2016-04-11 17:35:21 . 2016-04-11 17:33:48 110144 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-64.dll

2016-04-11 17:34:38 . 2016-04-24 14:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Java

.

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 


  • 0

#8
JayPlayer
Posted 07 May 2016 - 11:11 AM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
IE11 still opening!
  • 0

#9
Essexboy
Posted 07 May 2016 - 11:59 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the entire combofix log please as part Is missing

What page do the browsers open to ?
  • 0

#10
JayPlayer
Posted 07 May 2016 - 12:56 PM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
That's all it gave me, but here it is again. Let me know if I should run it again as I ran it this morning before ADCleaner as I forgot. IE11 opens only to my home page 'Google'

ComboFix 16-04-29.01 - J. Albert Yanez 05/07/2016 8:01:43.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5090 [GMT -4:00]
Running from: C:\Users\J. Albert Yanez\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\J. Albert Yanez\AppData\Local\assembly\tmp
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_ctypes.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_elementtree.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_hashlib.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_multiprocessing.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_psutil_windows.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_socket.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_ssl.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\_yappi.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\common.time34.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\hashobjs_ext.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pyexpat.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pysqlite2._sqlite.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\python27.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\pythoncom27.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\PyWinTypes27.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\select.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\thumbnails_ext.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\unicodedata.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\usb_ext.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32api.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32com.shell.shell.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32crypt.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32event.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32file.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32gui.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32inet.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32pdh.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32pipe.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32process.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32profile.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32security.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\win32ts.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\windows._lib_cacheinvalidation.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._animate.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._controls_.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._core_.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._gdi_.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._html2.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._misc_.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._windows_.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wx._wizard.pyd
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxbase30u_net_vc90.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxbase30u_vc90.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_adv_vc90.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_core_vc90.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_html_vc90.dll
C:\Users\J. Albert Yanez\AppData\Local\Temp\_MEI29842\wxmsw30u_webview_vc90.dll
C:\Users\J. Albert Yanez\Documents\~WRD2559.tmp
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_ctypes.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_elementtree.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_hashlib.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_multiprocessing.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_psutil_windows.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_socket.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_ssl.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\_yappi.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\common.time34.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\hashobjs_ext.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pyexpat.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pysqlite2._sqlite.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\python27.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\pythoncom27.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\PyWinTypes27.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\select.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\thumbnails_ext.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\unicodedata.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\usb_ext.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32api.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32com.shell.shell.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32crypt.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32event.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32file.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32gui.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32inet.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32pdh.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32pipe.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32process.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32profile.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32security.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\win32ts.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\windows._lib_cacheinvalidation.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._animate.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._controls_.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._core_.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._gdi_.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._html2.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._misc_.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._windows_.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wx._wizard.pyd
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxbase30u_net_vc90.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxbase30u_vc90.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_adv_vc90.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_core_vc90.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_html_vc90.dll
C:\Users\JF918~1.ALB\AppData\Local\Temp\_MEI29842\wxmsw30u_webview_vc90.dll
C:\Windows\SysWow64\DEBUG.log


((((((((((((((((((((((((( Files Created from 2016-04-07 to 2016-05-07 )))))))))))))))))))))))))))))))


2016-05-07 12:43:48 . 2016-05-07 12:43:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2016-05-07 07:22:30 . 2016-05-07 07:24:35 -------- d-----w- C:\AdwCleaner
2016-05-06 18:18:17 . 2016-05-06 18:18:17 -------- d--h--w- C:\OneDriveTemp
2016-05-06 14:41:54 . 2016-05-06 15:42:27 -------- d-----w- C:\Users\J. Albert Yanez\AppData\Local\WinZip
2016-05-06 14:41:43 . 2016-05-06 14:41:50 -------- d-----w- C:\Program Files\WinZip
2016-05-06 14:40:57 . 2016-05-06 14:40:57 -------- d-----w- C:\ProgramData\UniqueId
2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC638.tmp
2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC637.tmp
2016-05-01 16:43:36 . 2016-05-01 16:43:36 -------- d-----w- C:\QuiC636.tmp
2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8265.tmp
2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8264.tmp
2016-05-01 16:42:14 . 2016-05-01 16:42:14 -------- d-----w- C:\Qui8254.tmp
2016-04-25 11:28:20 . 2016-05-07 11:57:52 192216 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-04-25 11:27:49 . 2016-04-26 12:48:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-25 11:27:49 . 2016-03-10 18:09:06 64896 ----a-w- C:\Windows\system32\drivers\mwac.sys
2016-04-25 11:27:49 . 2016-03-10 18:08:58 140672 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2016-04-24 21:33:56 . 2016-04-24 21:33:56 211152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-04-24 21:33:42 . 2016-04-24 21:33:42 368920 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-04-24 21:33:42 . 2016-04-24 21:33:42 25344 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-04-20 18:17:48 . 2016-04-20 18:17:48 307456 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
2016-04-18 13:04:22 . 2016-04-18 13:04:22 71936 ----a-w- C:\Windows\system32\drivers\avguniva.sys
2016-04-14 14:54:20 . 2016-04-14 14:54:20 51968 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys
2016-04-14 10:03:53 . 2016-04-14 10:04:47 -------- dc----w- C:\Users\J. Albert Yanez\AppData\Local\MigWiz
2016-04-12 21:15:55 . 2016-03-11 18:57:00 2048 ----a-w- C:\Windows\system32\tzres.dll
2016-04-11 20:15:04 . 2016-05-07 13:06:47 -------- d-----r- C:\Users\J. Albert Yanez\OneDrive
2016-04-11 17:35:21 . 2016-04-11 17:33:48 110144 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-64.dll
2016-04-11 17:34:38 . 2016-04-24 14:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  • 0

Advertisements

#11
Essexboy
Posted 07 May 2016 - 01:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, no need to run it again...  I am starting to think system problem here rather than malware, but, I will run a final confirmation of that first

Click here and select the blue Run ESET Online Scanner button:
ESET1_zps23a5e840.png

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • A link to esetsmartinstaller_enu.exe will be provided. Make sure to download it to the desktop.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#12
JayPlayer
Posted 07 May 2016 - 02:08 PM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I think I messed up, it was 22% done when I walked away...came back and touched mouse to stop my screen saver and noticed it says scanned 41535 files, 10 infected, 0 cleaned and stopped by user. Should I start again?
  • 0

#13
Essexboy
Posted 07 May 2016 - 02:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please .. Sorry about that
  • 0

#14
JayPlayer
Posted 07 May 2016 - 08:03 PM

JayPlayer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=init
# utc_time=2016-05-07 07:47:24
# local_time=2016-05-07 03:47:24 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29403
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=updated
# utc_time=2016-05-07 07:50:17
# local_time=2016-05-07 03:50:17 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# engine=29403
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-07 08:02:17
# local_time=2016-05-07 04:02:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 88137324 214194787 0 0
# scanned=41535
# found=10
# cleaned=0
# scan_time=719
sh=7E4DD56ED4DB97FA713731E7FA91B2389A945FE9 ft=1 fh=89495d9ac2bd4547 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"
sh=1993555E7B29F0E3FBD5FBD24CAB8946D2D82B51 ft=0 fh=0000000000000000 vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\fdciimcaghaogphkbkipbmeemlmanmea\5.0.0.0_0\prescript.js"
sh=52F7509B64E8993EDFC18E99B156CDD8DBA86C43 ft=1 fh=dbe1b26cf0d0d0b6 vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\TidyNetwork.com\tidy2ie.dll"
sh=29468CF1C5052D56E21E3C04213CA4E73379493D ft=1 fh=95590ec9e83242ec vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\TidyNetwork.com\TidyNetwork.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=init
# utc_time=2016-05-07 09:03:44
# local_time=2016-05-07 05:03:44 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29403
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=updated
# utc_time=2016-05-07 09:04:21
# local_time=2016-05-07 05:04:21 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# engine=29403
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-07 09:04:32
# local_time=2016-05-07 05:04:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 88141059 214198522 0 0
# scanned=595
# found=0
# cleaned=0
# scan_time=10
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=init
# utc_time=2016-05-07 09:04:46
# local_time=2016-05-07 05:04:46 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29403
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# end=updated
# utc_time=2016-05-07 09:06:08
# local_time=2016-05-07 05:06:08 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=089075905fe86544997ee00e9a82ddc9
# engine=29403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-05-08 12:37:03
# local_time=2016-05-07 08:37:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 88153810 214211273 0 0
# scanned=341065
# found=34
# cleaned=0
# scan_time=12655
sh=7E4DD56ED4DB97FA713731E7FA91B2389A945FE9 ft=1 fh=89495d9ac2bd4547 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"
sh=1993555E7B29F0E3FBD5FBD24CAB8946D2D82B51 ft=0 fh=0000000000000000 vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\fdciimcaghaogphkbkipbmeemlmanmea\5.0.0.0_0\prescript.js"
sh=52F7509B64E8993EDFC18E99B156CDD8DBA86C43 ft=1 fh=dbe1b26cf0d0d0b6 vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\TidyNetwork.com\tidy2ie.dll"
sh=29468CF1C5052D56E21E3C04213CA4E73379493D ft=1 fh=95590ec9e83242ec vn="Win32/TidyNetwork.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\TidyNetwork.com\TidyNetwork.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=112B0EAC8B8A01346DEFD8C73CFBDB6472773D65 ft=1 fh=82f97eac310d491a vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
sh=112B0EAC8B8A01346DEFD8C73CFBDB6472773D65 ft=1 fh=82f97eac310d491a vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=A3F956746AC881EC2215CDDCBA9E394F146E6B1C ft=1 fh=def75e2564e7c401 vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Local\DefineExt\teMP.dat.vir"
sh=4F8D9F0A0FF242FAA3BC6F0DF331B634B42F3481 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdfdididigddcdbgbgedidegbgbdf\background.html.vir"
sh=3113662D84508DD67BCEDA10E4F08903300B8485 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdfdididigddcdbgbgedidegbgbdf\ContentScript.js.vir"
sh=83C34BD290FB05E076F85B92595CD4F48D548F1A ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdidfdegegeddgfdidedidedfdgdi\background.html.vir"
sh=3113662D84508DD67BCEDA10E4F08903300B8485 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdidfdegegeddgfdidedidedfdgdi\ContentScript.js.vir"
sh=A311142AB66ADC0A62EE58B3138DFC1A79C0B349 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\J. Albert Yanez\AppData\Roaming\Mozilla\Firefox\Profiles\7r20f6ox.default\extensions\[email protected]"
sh=BDAAF566B8FA52568017B1D9D4CD8CC1606276E3 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.EW potentially unsafe application" ac=I fn="C:\Temp\Cakewalk Sonar v8.5.1.148 Producer Edition 32&64 bit.rar"
sh=7763A1D1B5317D3024DDE72D756BE61A50E2203C ft=1 fh=25156bf3b114bd35 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Temp\Winzip 165exe.exe"
sh=F0E3C686B8F0CD9222421559887ECCED81D33F3A ft=1 fh=e1e2986ea2e408f1 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\J. Albert Yanez\Desktop\Avery Wizard 5.0_20140331.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\J. Albert Yanez\Documents\Avery Templates\Avery 8160.exe"
sh=2CE3B98FEE0F70D0D68C14614FD6D94BDB314223 ft=1 fh=56d943c7b001406a vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\J. Albert Yanez\Downloads\winzip170-32.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\J. Albert Yanez\OneDrive\Documents\Avery 8160.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\J. Albert Yanez\OneDrive\Libraries\OneDrive\Documents\Avery 8160.exe"
sh=EC137FAF771530C861892DAE9AC7ED2E1EAAF910 ft=1 fh=453164313ef3f952 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\J. Albert Yanez\Pictures\winzip-setup.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\J. Albert Yanez\Pictures\Public\Pictures\Pictures\Avery 8195.exe"
sh=EC137FAF771530C861892DAE9AC7ED2E1EAAF910 ft=1 fh=453164313ef3f952 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\J. Albert Yanez\Pictures\Public\Pictures\Pictures\winzip-setup.exe"
sh=7B9E3E67438EAFB2627B41F570D2D45D57B01B42 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\9a92958.msi"
sh=BE7BAA6E0CB8F635803AB958E74513B93DC482AD ft=1 fh=e651bb12f5301609 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\WinZip\WinZip165.exe"
sh=64318B0F35C1EFA1044433007B9A12DA753F0199 ft=0 fh=0000000000000000 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="F:\LIGHTINGELSTORE\Backup Set 2016-04-24 210001\Backup Files 2016-04-24 210001\Backup files 11.zip"
sh=3E5D9D7B6F471154C8A74D1677F83948618E6413 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="F:\LIGHTINGELSTORE\Backup Set 2016-04-24 210001\Backup Files 2016-04-24 210001\Backup files 9.zip"
sh=652DA2972C524BFB4ECDB7E05A2D44F5B84333C7 ft=0 fh=0000000000000000 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="F:\LIGHTINGELSTORE\Backup Set 2016-04-26 210001\Backup Files 2016-04-26 210001\Backup files 11.zip"
sh=4868C70C067060EA8DEFF462DE03EC1A54CADAC7 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="F:\LIGHTINGELSTORE\Backup Set 2016-04-26 210001\Backup Files 2016-04-26 210001\Backup files 9.zip"
  • 0

#15
Essexboy
Posted 08 May 2016 - 04:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm not a great deal there, next we will reset IE and see how that functions.. 
 
First backup your bookmarks :

1.Open Internet Explorer by clicking the Internet Explorer icon on the taskbar.
2.Click the Favorites button .
3.Click the down-arrow next to Add to favorites, and then select Import and export.
4.Select Export to a file, and then click Next.
5.Export to the desktop

Close IE and go to Control Panel > Internet Options > Advanced Tab
Click the reset button
Now try IE
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP