
wrapper.z5x.net problem [Solved]


19 replies to this topic

#1 sharktooth

  • Authentic Member
  • 39 posts

Posted 14 January 2014 - 08:36 AM

I tried downloading an image and after deleting it I now have this wrapper.z5x.net hijacking my computer. I tried Norton anti-virus and ad-aware but neither one has fixed my problem. I just downloaded Hijack this and ran the software. I have the log file in notepad, but I can't figure out how to post it here. I select "edit > select all" then "edit > copy" but when I come back to this posting I can't get it to paste. I know I am doing something wrong.




#2 sharktooth


Posted 14 January 2014 - 05:50 PM

Here are my Hijack This results

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:15:58 AM, on 1/14/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

 

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Users\Ensign\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1182030504&ir=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Ensign\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f

O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...xControl_32.CAB

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell...r/SysProExe.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update Jump Flip - Unknown owner - C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11903 bytes



#3 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 17 January 2014 - 05:40 AM

Hi and welcome

If having problems when copy and pasting, at the bottom of the window you will see 'More Reply Options' button. Click on that and see if it changes the format to allow.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

~~~~~~~~~~~~~~~~~~~~~~~

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When they are complete let me have the two reports and let me know how things are running.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#4 sharktooth


Posted 17 January 2014 - 06:56 AM

I ran both of the tools you asked me to and I have attached the log files. I really won't know until tomorrow if this has helped. Previously I would wake up and find a pop-up window from the adware running on my computer. So tomorrow I will check to see if I still have problems. I will definitely let you know as soon as I have an indication one way or the other. Thank-you

 

# AdwCleaner v3.017 - Report created 17/01/2014 at 07:34:54
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ensign - ENSIGN-PC
# Running from : C:\Users\Ensign\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Found : C:\Users\Ensign\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Ensign\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Ensign\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\user.js
Folder Found : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Users\Ensign\AppData\Local\Conduit
Folder Found C:\Users\Ensign\AppData\Local\genienext
Folder Found C:\Users\Ensign\AppData\Local\Mobogenie
Folder Found C:\Users\Ensign\AppData\Local\PackageAware
Folder Found C:\Users\Ensign\AppData\LocalLow\Conduit
Folder Found C:\Users\Ensign\AppData\LocalLow\PriceGong
Folder Found C:\Users\Ensign\AppData\Roaming\DriverCure
Folder Found C:\Users\Ensign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\Users\Ensign\AppData\Roaming\newnext.me
Folder Found C:\Users\Ensign\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297954
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1182030504&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1182030504&ir=

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\prefs.js ]

Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "dsites0101");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Line Found : user_pref("extensions.mysearchdial.cr", "1182030504");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czut[...]
Line Found : user_pref("extensions.mysearchdial.id", "90E2BA1F6779C3C1");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16082");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Cz[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:30:40");

-\\ Google Chrome v32.0.1700.72

[ File : C:\Users\Ensign\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8623 octets] - [17/01/2014 07:34:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8683 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ensign on Fri 01/17/2014 at  7:41:07.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Ensign\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{501FD1BE-A081-44A9-AEC7-22F83245A0B0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{5120154C-5E7B-446B-8F0B-535AF00EDE43}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{5361CF87-4E75-49C2-92B0-295187F754E0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{537A1AB5-8FC2-4511-85C7-757CF0054E80}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{538E089A-4582-4990-88C4-FB695114CCFB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{55344D70-4773-43AA-B406-C0F7648DB408}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{556B51C0-57C5-4BCC-BF6F-ACDA9B379DDB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{579CD0F2-0E8A-44E6-91D8-DAE48A5DB727}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{5A7D5E6B-2A06-4279-8F6F-1C3F80969B2E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{5F6AB4CA-316A-4ADA-BDC6-6723E26EEF64}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{5F8A0D08-9805-4235-96EA-867546B5F2BD}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{608EB4BD-3D63-42BD-AD56-356EAD9253AF}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{611792F9-385C-459E-B6E4-4ED4988F7799}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{616B6DD8-E4D0-4920-B9C6-CD4530A645A5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{641ABC1D-152F-4E69-8CA5-44B6097A3951}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{64A5119C-963A-4A61-8A4C-BD16F12ED292}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6580DF4C-DE63-432A-B080-5C866FB33EED}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6724C1AB-70D4-408E-AD68-10DBF16D7BAF}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{69FC7E82-7639-4AE0-A3BC-3D9C54773E8A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6A13CD97-0279-41A1-AAB8-AEA8B1E21307}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6A93DEF0-CF9C-4640-9EA9-D8CC2C501E73}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6ABC7BAF-470F-47EB-AB3D-D54274BB0C07}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6ABDA04C-8FE4-4A4D-852D-D6F137D9D17E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6ACF610E-F35B-44BC-AD18-75E2B01732C1}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6BCD2318-85CC-4913-AF1E-2285F29BF776}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6BEFE105-DA98-487E-A415-762BFA9CDA12}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6D36355C-E5FA-4C08-8EFD-2BE1963489D3}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6D9878CA-43E2-4510-8219-786D8FA3B606}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6F85881B-ADAE-4316-BE65-498E34F14F31}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{6FA62538-32A8-42C2-BC87-A6D12A7A5750}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{70955DAD-8751-4737-BF89-DB5B55E5581A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{717F016B-4DF9-4E83-8CBF-F811FD9960B9}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{72EEFE98-AF41-4686-8CC1-F166E850CDBF}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{72F1DF49-D6FC-424E-9085-21791EA3B924}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{731C82E6-EFFA-481A-8D29-D3C30C0B760E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{73EAEB1D-E24C-4E1A-BB6F-82FF86425C11}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{752FCBD1-9DFC-4205-BD8E-B624957E1B9D}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{759B4BB8-5595-4B2E-B199-BDA3573A2200}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{75AFC9DA-BA43-4828-B9E4-CD86C649C205}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{767BB5A6-D870-4225-AA17-FE28AAD9C652}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{793A3371-DD2F-4825-9F89-C92A168B760A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{79756F13-9865-4BD3-9799-B1DBCDD08FFC}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{7BDF9E00-7D32-42CF-93EA-ABE24F2C53C4}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{7E3D3C8E-205B-4E9A-9A31-4F1A98DFC3B5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{7E96661F-69C3-4E96-B2CF-21706DF24A34}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{7EEF4C0B-E59F-4EF0-BA60-E0E729E41BE5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{7FEE7A26-67C3-429E-93F8-72097D985329}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{808E1E74-0992-4DED-974D-F0FB7D769107}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8099AD51-6441-4D8D-96D3-67BD2F18651C}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{80BEC3C7-3206-4926-8E1F-3AC9E2C4BB8A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8163A78F-56DF-402A-A50E-5D35E6380B52}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{816EA079-7261-439B-B2FA-FFB05BD92AB3}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{81CC2608-5F52-43C1-BE6A-6B9344D9320B}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{81D5073B-2E0F-4D85-B3D8-ABC7B74C8E35}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{82FE2E0E-C76D-4A7B-8734-A8856B2AA5D0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{83197F43-3F73-4B5B-924F-41AABCDEFE4C}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{83F788A9-1CC1-463B-981E-437838B774CB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{84D4A3EC-58D3-4D57-8BE7-EDC6030DF0B7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8570BB25-4E11-4AD4-9128-534F27D66F37}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{86F6D85E-8CAC-49E9-9D1F-BF890C2B2F37}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{877546CF-545F-4350-80F4-F5C2C5491683}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{88EE01B7-CAE3-4585-9B68-88F824B492D1}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{891D0CC2-9630-4FB3-B9DB-8E37401AB710}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{89709CF5-84B7-436C-BC1B-11F6BDC82A66}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8BE8193A-A8E0-46C0-BEBA-AC4C860FD84E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8E8CFAB8-26E5-454F-AC78-20EB6126F927}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8F21A839-9730-4668-A3EE-D5DC138AFEDD}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8F3BE6CD-F685-4106-8EEE-5517D423A970}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{8FEFAE4C-0C4E-43B1-BD49-306D70D61257}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{91351762-4657-433A-ACFB-8F1EDB4B33DC}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{91D0B46C-97F7-4AA7-9031-360ABC767F19}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{9233E5BB-E64C-491B-A664-04B22F48F365}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{9258DE07-2E48-4836-9533-8A2E013C1FF6}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{925E66B5-6BF4-4358-86E8-853E92EA031C}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{9288C08A-8C11-4386-B8D4-411413114C85}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{92BC2A9D-E6CE-4051-8C96-FC64B3E01791}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{93B6E1AB-0022-4867-B617-7E92B9AEEDF1}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{95A9D751-5E64-43DE-9449-7330F690D455}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{96BFE3FA-1B8F-4A44-B605-7AEE4D4A208D}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{97DB01E2-42A0-4C20-8A3B-08B545E913C7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{97F9910B-03D4-4357-94AC-4EC61027DB5E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{98A18B86-CD58-468D-BCAC-4EACAC287CE7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{9FA39676-0D4A-4EBD-BB85-DFD0E7485D82}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A034D344-E165-41A7-92B1-8B4CE9BB058E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A0F3EE04-58EE-4364-83D7-20975C106817}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A105982E-9B68-42E7-B80A-EFC29DE69E08}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A15100C9-F5D3-4C49-A2EF-521490D2F275}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A3C0478C-2C00-417B-8030-4CA2E471F104}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A43A449F-EA74-48E9-A3A2-4E7E1B121DA1}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A492ECDC-A687-40B6-822F-847E4FF90A98}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A59E923F-75D8-439A-9929-62052F87F0E5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A6C0B84A-11F3-491C-A8A9-E12F36CAC599}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A749879A-0275-4A4B-B2C7-2B37F4D5D5E1}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A801207D-C255-4994-A82E-04BF208B4C98}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A8E42FB6-F1E9-4BC4-AD5B-AE898B8EAA6A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A90A71E4-09D1-472D-9F59-BCEC5C551572}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{A9579E59-F4FD-4055-BB4A-83EDFBB1AA52}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{AAFACAF0-007A-4FD9-87C4-DD623E7EE09B}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{ABC3E1F6-D9EE-45AC-877F-0EA3D0CFF069}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{ACE57CA2-6FC8-44E5-9F90-FFF104FA81A0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{AED1DEA0-A914-40D3-951E-50C687A56550}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{AF2A0DF4-A831-493C-8771-65735228A37C}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B0A316F2-7D3E-4AE1-AD65-B30DD9511ADF}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B1E544FD-71C7-4AB6-9E49-AFC3CDA4AA18}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B42420E9-B146-4DEA-BB86-BD0F78597C1F}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B44DA99A-C7AC-4798-B5CA-BB192BFB97BD}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B58BFB39-F2FA-4665-8963-A14292E32041}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B5C917D1-DDBC-414B-8483-56871D7E9037}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B67C0728-ABA2-4386-AF77-61FDBB580304}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B6E7BB2B-E1EE-40C2-9BA0-B5CB38F1E420}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B776F473-4440-42E3-8EA5-03444D302028}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B79BEE54-BDD0-4A4E-BA30-5F08B61E16A4}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B7E69C11-D2DF-4FD5-9497-483A31419137}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B8099B3E-540D-43EA-BCDD-5497BB3DB4F7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{B8CFCF33-2DE0-407D-BFD3-2783FA81A0CE}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{BA3EF021-925C-4D53-A06B-5AB82C0ED2F7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{BD80D3B0-9770-4208-8E3A-4ACF0634D221}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{BE345840-226A-4941-9676-14DA3A460DC2}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C0C04F2B-FE6B-449E-8B70-00F6F7470190}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C19EBF7A-016C-404F-BA01-BEB11040ADF7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C2E609B2-02FB-487B-8463-3AB0EA804CFB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C3F98E67-C0D1-40BD-84CD-34EED31DA329}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C47BDC14-63F3-4A83-8B53-6E8C027CD52E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C57E2020-84F3-4E9A-9114-B08FFAD75F1E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C8E8AA64-9E80-4C89-8497-1FF7152C92BF}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{C9DEAF76-2632-44EB-AAA0-333C21E106A4}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CA5927D4-C130-4468-9EA6-FB85D08CD9EB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CA71375B-906A-435F-999E-D26595C447C2}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CA72FBFB-D7F7-4253-A965-58AC98C3DCC5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CB741367-43F0-4DE4-81BA-B217525EF8E7}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CB7DC8F2-62C0-48BB-9234-D26DCF3A4AF6}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CC3CC620-C394-4C6F-A308-F803CD23169B}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CD606CE3-01D7-4FBE-B23C-B331811297DB}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{CD6B597F-D32A-481E-9416-455C209C2A53}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{D05D4ED2-6B86-4AFB-B45F-6A9F5CCB4A63}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{D59ECBF8-F158-4402-962C-628C8DAB8F5A}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{D65EF3AD-F8B8-4E24-A5A4-2FDA1F512C59}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{D862E206-54F8-42AD-8DCF-5891185DB6E8}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DA690E34-C088-4BB2-A25D-FE909674B0C0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DE71924D-E3F5-47B5-A9F4-9EB099F318C5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DE9F6662-8E00-410A-B9F8-48EA2B783392}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DF394AFE-B28B-4137-9445-05069FE81AB3}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DF9E94DE-3B26-4A52-9F80-CFFCE762B3F0}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{DFFA893B-890F-4E81-9393-1FF4119F53F5}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E04F014B-2877-4275-A269-18AD9EF4222E}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E0CC705D-CDC6-484B-B4DB-5F303C91C103}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E16A0978-E54E-4B99-8BDC-6DF3AC87F637}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E224FD24-9E3F-45B9-B162-485F51AAEEF9}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E4A04997-C121-469D-88FE-0440F7DEA425}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E50FBC41-C587-4135-902A-AFAE3829A454}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E838309D-6F6E-471D-B5E7-6E67FD871B7C}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{E91F2674-667D-495C-9143-913B6E173EA9}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{EC0586C1-C740-4575-A5B0-19B124FB5813}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{ECB1BC14-5339-4271-AB2A-641E47DE0826}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{F514DF65-E7A8-4323-B6D0-A3E0796C5232}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{F745DFE5-6962-49FD-91A1-D9CFBE5B4B36}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{F8B3DABA-B500-4DCF-824E-4483F34D1700}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{FA279380-DDD7-4DFE-92EB-247E75C45C60}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{FA932345-D39B-4514-99CB-84DF9650A529}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{FDD0A76C-7B00-4034-9A76-672ADA473CBE}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{FE0B4658-0D74-4186-9D2F-475ABA0E2DEC}
Successfully deleted: [Empty Folder] C:\Users\Ensign\appdata\local\{FE64B8E0-F962-4F4F-800E-10D75BF1D451}

~~~ FireFox

Successfully deleted the following from C:\Users\Ensign\AppData\Roaming\mozilla\firefox\profiles\epe5glm9.default\prefs.js

user_pref("browser.search.defaultenginename", "SecureSearch");
user_pref("browser.search.selectedEngine", "SecureSearch");
Emptied folder: C:\Users\Ensign\AppData\Roaming\mozilla\firefox\profiles\epe5glm9.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/17/2014 at  7:47:53.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5 sharktooth


Posted 17 January 2014 - 06:58 AM

Sorry, I think I attached the wrong log file from AdwCleaner in my previous post. I think this is the one you needed.

# AdwCleaner v3.017 - Report created 17/01/2014 at 07:36:16
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ensign - ENSIGN-PC
# Running from : C:\Users\Ensign\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Ensign\AppData\Local\Conduit
Folder Deleted : C:\Users\Ensign\AppData\Local\genienext
Folder Deleted : C:\Users\Ensign\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Ensign\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ensign\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ensign\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ensign\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ensign\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Ensign\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Ensign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Users\Ensign\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Ensign\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\user.js
File Deleted : C:\Users\Ensign\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297954
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0101");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1182030504");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "90E2BA1F6779C3C1");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16082");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EtB0B0AtC0FyCyByBzy0CtA0CtCtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:30:40");

-\\ Google Chrome v32.0.1700.72

[ File : C:\Users\Ensign\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8815 octets] - [17/01/2014 07:34:54]
AdwCleaner[S0].txt - [8007 octets] - [17/01/2014 07:36:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8067 octets] ##########



#6 Juliet


Posted 17 January 2014 - 07:53 AM

wowssa!

That should have helped out.

How's the computer now?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#7 sharktooth


Posted 17 January 2014 - 08:27 AM

Here are the two log files. It didn't take long and the wrapper.z5x.net was back to work on my computer.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014
Ran by Ensign (administrator) on ENSIGN-PC on 17-01-2014 09:19:09
Running from C:\Users\Ensign\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Ensign\Desktop\Farbar Recovery Scan Tool FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Runonce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
MountPoints2: {5661a00a-80da-11e2-b4d7-90e2ba1f6779} - I:\VZW_Software_upgrade_assistant.exe
MountPoints2: {c00d8e81-d169-11e0-9e41-b8ac6fb6119b} - I:\TL_Bootstrap.exe
MountPoints2: {c00d8e9d-d169-11e0-9e41-b8ac6fb6119b} - I:\VZAccess_Manager.exe /z detect
MountPoints2: {d63eac0d-5e68-11e0-8909-b8ac6fb6119b} - I:\TL_Bootstrap.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4979647BE60FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {193360A9-874A-4BD0-83A5-F9A4FE9ED8A1} URL =
SearchScopes: HKCU - {3BFF17E9-BE0B-4E95-98DB-C16E79745B29} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {7D0BE33D-3825-4485-937A-C572133441B6} URL = http://search.yahoo....rtPage?}&fr=ie8
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 173.44.120.64 173.44.120.65

FireFox:
========
FF ProfilePath: C:\Users\Ensign\AppData\Roaming\Mozilla\Firefox\Profiles\epe5glm9.default
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-09]

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=85BB2DBD7C0BC3DBA3218252D52C227F
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=85BB2DBD7C0BC3DBA3218252D52C227F", "hxxp://www.google.com/"
CHR DefaultSearchProvider:         "name":    "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-12-15]

==================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140116.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140116.033\ENG64.SYS [126040 2013-12-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140116.033\EX64.SYS [2099288 2013-12-05] (Symantec Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 EraserUtilDrv11310; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 09:19 - 2014-01-17 09:19 - 00016040 _____ C:\Users\Ensign\Desktop\FRST.txt
2014-01-17 09:18 - 2014-01-17 09:18 - 02075648 _____ (Farbar) C:\Users\Ensign\Desktop\Farbar Recovery Scan Tool FRST64.exe
2014-01-17 09:18 - 2014-01-17 09:18 - 00000000 ____D C:\FRST
2014-01-17 07:47 - 2014-01-17 07:47 - 00027481 _____ C:\Users\Ensign\Desktop\JRT.txt
2014-01-17 07:41 - 2014-01-17 07:41 - 00000000 ___RD C:\Users\Ensign\Documents\Notes
2014-01-17 07:41 - 2014-01-17 07:41 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 07:40 - 2014-01-17 07:40 - 00004544 _____ C:\Users\Ensign\Desktop\New Journal Document.jnt
2014-01-17 07:29 - 2014-01-17 07:36 - 00000000 ____D C:\AdwCleaner
2014-01-17 07:26 - 2014-01-17 07:59 - 00000000 ____D C:\Users\Ensign\Desktop\Computer Help
2014-01-14 18:51 - 2014-01-14 18:51 - 00003128 _____ C:\Windows\System32\Tasks\{5E80C37B-52EB-4D71-8D62-77CCB40DB662}
2014-01-14 18:28 - 2014-01-14 18:28 - 00003122 _____ C:\Windows\System32\Tasks\{6F49F960-D4A7-4783-B4BE-3EBDFB0963BC}
2014-01-14 07:30 - 2014-01-14 07:30 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\LavasoftStatistics
2014-01-14 07:23 - 2014-01-14 07:23 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\SecureSearch
2014-01-14 07:22 - 2014-01-14 18:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-14 07:21 - 2014-01-14 07:21 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 ____D C:\Users\Ensign\AppData\Local\cache
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 ____D C:\Users\Ensign\.android
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 _____ C:\Users\Ensign\daemonprocess.txt
2014-01-12 16:30 - 2014-01-17 08:32 - 00000109 _____ C:\Users\Ensign\AppData\Roaming\WB.CFG
2014-01-12 16:30 - 2014-01-17 08:32 - 00000005 _____ C:\Users\Ensign\AppData\Roaming\WBPU-TTL.DAT
2014-01-12 16:30 - 2014-01-12 16:37 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-12 16:30 - 2014-01-12 16:32 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-12 16:30 - 2014-01-12 16:30 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\DigitalSites
2014-01-12 16:30 - 2014-01-12 16:30 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-12-29 09:53 - 2013-12-29 09:53 - 00000000 ____D C:\LGMobileUpgrade
2013-12-22 08:49 - 2014-01-17 07:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 09:19 - 2014-01-17 09:19 - 00016040 _____ C:\Users\Ensign\Desktop\FRST.txt
2014-01-17 09:18 - 2014-01-17 09:18 - 02075648 _____ (Farbar) C:\Users\Ensign\Desktop\Farbar Recovery Scan Tool FRST64.exe
2014-01-17 09:18 - 2014-01-17 09:18 - 00000000 ____D C:\FRST
2014-01-17 08:32 - 2014-01-12 16:30 - 00000109 _____ C:\Users\Ensign\AppData\Roaming\WB.CFG
2014-01-17 08:32 - 2014-01-12 16:30 - 00000005 _____ C:\Users\Ensign\AppData\Roaming\WBPU-TTL.DAT
2014-01-17 08:28 - 2011-03-19 05:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 07:59 - 2014-01-17 07:26 - 00000000 ____D C:\Users\Ensign\Desktop\Computer Help
2014-01-17 07:47 - 2014-01-17 07:47 - 00027481 _____ C:\Users\Ensign\Desktop\JRT.txt
2014-01-17 07:45 - 2009-07-14 00:13 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 07:45 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 07:45 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 07:42 - 2009-07-14 00:10 - 01875202 _____ C:\Windows\WindowsUpdate.log
2014-01-17 07:41 - 2014-01-17 07:41 - 00000000 ___RD C:\Users\Ensign\Documents\Notes
2014-01-17 07:41 - 2014-01-17 07:41 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 07:40 - 2014-01-17 07:40 - 00004544 _____ C:\Users\Ensign\Desktop\New Journal Document.jnt
2014-01-17 07:38 - 2011-03-19 05:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 07:38 - 2010-07-20 10:14 - 00226712 _____ C:\Windows\PFRO.log
2014-01-17 07:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 07:38 - 2009-07-13 23:51 - 00071172 _____ C:\Windows\setupact.log
2014-01-17 07:36 - 2014-01-17 07:29 - 00000000 ____D C:\AdwCleaner
2014-01-17 07:36 - 2013-12-22 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-14 18:51 - 2014-01-14 18:51 - 00003128 _____ C:\Windows\System32\Tasks\{5E80C37B-52EB-4D71-8D62-77CCB40DB662}
2014-01-14 18:28 - 2014-01-14 18:28 - 00003122 _____ C:\Windows\System32\Tasks\{6F49F960-D4A7-4783-B4BE-3EBDFB0963BC}
2014-01-14 18:09 - 2014-01-14 07:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2014-01-14 12:42 - 2012-04-17 19:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-14 07:30 - 2014-01-14 07:30 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\LavasoftStatistics
2014-01-14 07:23 - 2014-01-14 07:23 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\SecureSearch
2014-01-14 07:21 - 2014-01-14 07:21 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-12 18:57 - 2010-07-28 08:37 - 00000000 ____D C:\Users\Ensign\Desktop\Marguret
2014-01-12 16:37 - 2014-01-12 16:30 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-12 16:37 - 2012-11-09 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-12 16:32 - 2014-01-12 16:30 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 ____D C:\Users\Ensign\AppData\Local\cache
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 ____D C:\Users\Ensign\.android
2014-01-12 16:31 - 2014-01-12 16:31 - 00000000 _____ C:\Users\Ensign\daemonprocess.txt
2014-01-12 16:31 - 2010-07-26 17:45 - 00000000 ____D C:\Users\Ensign
2014-01-12 16:30 - 2014-01-12 16:30 - 00000000 ____D C:\Users\Ensign\AppData\Roaming\DigitalSites
2014-01-12 16:30 - 2014-01-12 16:30 - 00000000 ____D C:\Program Files (x86)\Image Converter
2014-01-11 13:56 - 2012-01-08 15:09 - 00109500 _____ C:\Users\Ensign\Desktop\Check Register.xlsx
2014-01-07 19:31 - 2011-06-30 06:10 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-05 20:25 - 2010-07-28 08:37 - 00000000 ____D C:\Users\Ensign\Desktop\Medical
2013-12-29 09:57 - 2011-04-04 16:32 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2013-12-29 09:53 - 2013-12-29 09:53 - 00000000 ____D C:\LGMobileUpgrade
2013-12-29 09:53 - 2011-04-04 16:35 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2013-12-27 08:35 - 2011-05-13 20:40 - 00000000 ____D C:\Users\Ensign\Desktop\L-3 Aetna Medical

Some content of TEMP:
====================
C:\Users\Ensign\AppData\Local\Temp\55095uninstall.exe
C:\Users\Ensign\AppData\Local\Temp\de11c08b-1dec-4c70-978e-38eb158fa248.exe
C:\Users\Ensign\AppData\Local\Temp\eject.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-5.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ensign\AppData\Local\Temp\ose00000.exe
C:\Users\Ensign\AppData\Local\Temp\Quarantine.exe
C:\Users\Ensign\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 00:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014
Ran by Ensign at 2014-01-17 09:20:23
Running from C:\Users\Ensign\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
ATI Catalyst Control Center (x32 Version: 2.009.0714.2131 - )
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon Easy-WebPrint EX (x32 Version:  - )
Canon MG5300 series MP Drivers (Version:  - )
Canon MG5300 series On-screen Manual (x32 Version:  - )
Canon MG5300 series User Registration (x32 Version:  - )
Canon MP Navigator EX 5.0 (x32 Version:  - )
Canon My Printer (x32 Version:  - )
Canon Solution Menu EX (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0714.2132.36830 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help English (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help French (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help German (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0714.2131.36830 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
ccc-utility64 (Version: 2009.0714.2132.36830 - ATI) Hidden
Cook'n Deluxe (x32 Version:  - )
Coupon Printer for Windows (x32 Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (x32 Version:  - Stardock Corporation)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (x32 Version: 4.2.4 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.10 Update (x32 Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.10 Update (x32 Version: 17.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.20 Update (x32 Version: 17.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (x32 Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (x32 Version: 32.0.1700.72 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
J2SE Runtime Environment 5.0 Update 9 (x32 Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Drivers (x32 Version: 3.3.0.0 - LG Electronics)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
OLYMPUS Digital Camera Updater (x32 Version: 1.0.1 - OLYMPUS IMAGING CORP.)
Olympus ib (x32 Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (x32 Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
OLYMPUS Viewer 2 (x32 Version: 1.1.1 - OLYMPUS IMAGING CORP.)
PowerDVD DX (x32 Version: 8.3.6029 - CyberLink Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Skype Toolbars (x32 Version: 1.0.4036 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.07.1407.00 - Microsoft Corporation) Hidden
Zune (Version: 04.07.1404.01 - Microsoft Corporation)
Zune (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

23-12-2013 05:00:04 Scheduled Checkpoint
29-12-2013 14:52:07 Install LG UNITED Drivers
06-01-2014 05:00:02 Scheduled Checkpoint
12-01-2014 21:39:23 Removed Skype Toolbars
14-01-2014 12:21:05 AA11
14-01-2014 23:09:40 AA11

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {696397A4-37E8-4C3A-8371-49E75396872B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {6DA520A6-4BDE-46E0-9042-543C3B267D96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {7433AB8A-82F4-4A62-B609-360638FEA603} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {9B57A0A5-BD72-4C2D-891D-D3DCBCC4FFBC} - System32\Tasks\Digital Sites => C:\Users\Ensign\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {DE015121-9DD6-4F2A-B0E1-B3361CC04FB1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {FA301E6C-C5C9-42C4-A485-B485ED42E577} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Ensign\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-15 11:20 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-06-15 11:20 - 2012-05-30 09:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/26/2013 07:03:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/08/2010 05:54:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2011-01-19 07:55:10.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:10.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:10.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:10.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:09.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:09.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:09.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:55:09.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:54:50.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-19 07:54:50.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 2814.98 MB
Available physical RAM: 1129.37 MB
Total Pagefile: 5628.13 MB
Available Pagefile: 3918.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.72 GB) (Free:562.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 48E2F468)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 Juliet

Posted 17 January 2014 - 09:12 AM

Let's see if this helps.

Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {193360A9-874A-4BD0-83A5-F9A4FE9ED8A1} URL =
SearchScopes: HKCU - {3BFF17E9-BE0B-4E95-98DB-C16E79745B29} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR DefaultSearchProvider: "name": "Mysearchdial"
C:\Users\Ensign\AppData\Local\Temp\55095uninstall.exe
C:\Users\Ensign\AppData\Local\Temp\de11c08b-1dec-4c70-978e-38eb158fa248.exe
C:\Users\Ensign\AppData\Local\Temp\eject.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-5.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ensign\AppData\Local\Temp\ose00000.exe
C:\Users\Ensign\AppData\Local\Temp\Quarantine.exe
C:\Users\Ensign\AppData\Local\Temp\Sqlite3.dll
Coupon Printer for Windows (x32 Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
Task: {9B57A0A5-BD72-4C2D-891D-D3DCBCC4FFBC} - System32\Tasks\Digital Sites => C:\Users\Ensign\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Ensign\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.



Please post the FRSTfix.log
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#9 Juliet

Posted 17 January 2014 - 09:26 AM

Also, I would like you to run an additional scan

Download Windows Repair (all in one) from this site

Install the programme then run

Please click on the Start Repairs button

Select only #8, #13, #14 (they're all checked by default):

Click on the box next to Restart System when Finished. Then click on Start.

#10 sharktooth

Posted 17 January 2014 - 10:41 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014
Ran by Ensign at 2014-01-17 11:39:06 Run:2
Running from C:\Users\Ensign\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {193360A9-874A-4BD0-83A5-F9A4FE9ED8A1} URL =
SearchScopes: HKCU - {3BFF17E9-BE0B-4E95-98DB-C16E79745B29} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR DefaultSearchProvider: "name": "Mysearchdial"
C:\Users\Ensign\AppData\Local\Temp\55095uninstall.exe
C:\Users\Ensign\AppData\Local\Temp\de11c08b-1dec-4c70-978e-38eb158fa248.exe
C:\Users\Ensign\AppData\Local\Temp\eject.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-5.exe
C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ensign\AppData\Local\Temp\ose00000.exe
C:\Users\Ensign\AppData\Local\Temp\Quarantine.exe
C:\Users\Ensign\AppData\Local\Temp\Sqlite3.dll
Coupon Printer for Windows (x32 Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
Task: {9B57A0A5-BD72-4C2D-891D-D3DCBCC4FFBC} - System32\Tasks\Digital Sites => C:\Users\Ensign\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Ensign\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{193360A9-874A-4BD0-83A5-F9A4FE9ED8A1} => Key not found.
HKCR\CLSID\{193360A9-874A-4BD0-83A5-F9A4FE9ED8A1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BFF17E9-BE0B-4E95-98DB-C16E79745B29} => Key not found.
HKCR\CLSID\{3BFF17E9-BE0B-4E95-98DB-C16E79745B29} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value not found.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
CHR DefaultSearchProvider: "name": "Mysearchdial" ==> The Chrome "Settings" can be used to fix the entry.
"C:\Users\Ensign\AppData\Local\Temp\55095uninstall.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\de11c08b-1dec-4c70-978e-38eb158fa248.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\eject.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-1.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-2.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-3.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-4.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer-5.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\fp_pl_pfs_installer.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Ensign\AppData\Local\Temp\Sqlite3.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B57A0A5-BD72-4C2D-891D-D3DCBCC4FFBC} => Key not found.
C:\Windows\System32\Tasks\Digital Sites not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key not found.
C:\Windows\Tasks\Digital Sites.job not found.

==== End of Fixlog ====



#11 Juliet

Posted 17 January 2014 - 02:57 PM

By chance did you run the fix twice?

After using Windows Repair (all in one), do you see any improvements?

#12 sharktooth

Posted 18 January 2014 - 07:33 AM

Yes, I think I screwed up and ran the Windows Repair twice. However, so far so good; I have not had any problems since. Maybe you got it fixed for me. I sure hope so. I guess you can consider this fixed, and if I have problems again I will just have to start a new topic.

Thank you so very much.

David



#13 Juliet

Posted 18 January 2014 - 09:24 AM

lol

Not so fast! I would like for you to check for remnants. At times it may seem the computer is running great while in the background minor things can be happening.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~~~~~~~~
This scan can take quite a while to run; it depends greatly on how large and full your computer is. It's a good, thorough scanner. Please have patience and continue.

***
Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


#14 sharktooth

Posted 18 January 2014 - 12:35 PM

Here are the ESET scan results

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Local\genienext\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.37.zip.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Roaming\newnext.me\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Roaming\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\Ensign\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\FRST\Quarantine\de11c08b-1dec-4c70-978e-38eb158fa248.exe    multiple threats
C:\Users\Ensign\Downloads\SoftonicDownloader_for_mozilla-firefox(1).exe    a variant of Win32/SoftonicDownloader.E application
C:\Users\Ensign\Downloads\SoftonicDownloader_for_mozilla-firefox.exe    a variant of Win32/SoftonicDownloader.E application



#15 Juliet

Posted 18 January 2014 - 01:48 PM

That's pretty good.
Most of what was found is already in a quarantine folder.
When I close out this topic, we remove those.


Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start
C:\Users\Ensign\Downloads\SoftonicDownloader_for_mozilla-firefox(1).exe
C:\Users\Ensign\Downloads\SoftonicDownloader_for_mozilla-firefox.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post the fix.txt please.

How's the computer now?