14 replies to this topic

[snoochieee]

I just got my computer about a month ago and as I was downloading things I needed for school, I started noticing "bar ads" at the top, bottom, and sides of every page I went to. I had been to these pages before and the ads weren't there before. Also, when I click on some links in a webpage it'll open a new tab with an ad page. I close the ad page and click on the link again and it goes where the link takes me. It's like there are hidden ads covering my links and after I click them once they go away and let me use the link I intended to use in the first place. At the bottom of these "bar ads" it says "Powered by LaSuperba". I googled LaSuperba and read a lot about it being a hard virus to get rid. I've run my Norton program 3 times with the full scan and it apparently isn't picking it up. Please tell me you can help. Thank you so much!  


Here is my log from AVAST. I hope I did it right. lol.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software

Run date: 2015-09-18 17:40:55

-----------------------------

17:40:55.965    OS Version: Windows x64 6.2.9200 

17:40:55.975    Number of processors: 2 586 0x3708

17:40:55.978    ComputerName: TAYLORPC  UserName: 

17:41:22.822    Initialize success

17:41:25.938    VM: initialized successfully

17:41:25.940    VM: Intel CPU BiosDisabled 

17:52:20.642    AVAST engine defs: 15091801

17:54:51.480    The log file has been saved successfully to "C:\Users\tayblaedwards\OneDrive\Documents\aswMBR.txt"

[Juliet]

Welcome

If you haven't already, check add/remove programs and see if by chance LaSuperba is listed.
If it is, try to uninstall.

Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
• Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

[snoochieee]

I checked my uninstall list and didn't see anything with Superba in the name and I didn't see anything else that looked suspicious. I followed the steps in your reply and I have the two logs. However, when I try to paste them in the reply box, my page crashes. I reload it and try again and it crashes again. There were a couple times where it didn't crash but it wouldn't post my reply. Maybe it's too long?

[snoochieee]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015

Ran by tayblaedwards (2015-09-19 12:15:25)

Running from C:\Users\tayblaedwards\Desktop

Windows 8.1 Connected (X64) (2015-08-27 01:11:32)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2816509817-106147569-2285967997-500 - Administrator - Disabled)

Guest (S-1-5-21-2816509817-106147569-2285967997-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2816509817-106147569-2285967997-1003 - Limited - Enabled)

tayblaedwards (S-1-5-21-2816509817-106147569-2285967997-1001 - Administrator - Enabled) => C:\Users\tayblaedwards

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)

Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 1.5.0.8 - Alcor Micro Corp.)

Alcor Micro Generic Hub Filter Driver (x32 Version: 1.5.0.8 - Alcor Micro Corp.) Hidden

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden

Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden

Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3626 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)

Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

FarmVille 2 (HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)

Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden

Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden

LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Matching With Friends (HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\Pokki_55bc7b2e17658f5421d76b58733bc7a84776161b) (Version: 1.0.0.40966 - Pokki)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

Norton Security (HKLM-x32\...\NS) (Version: 22.5.2.15 - Symantec Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)

Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden

Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden

Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden

Start Menu (HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\Pokki) (Version: 0.269.2.322 - Pokki)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden

Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

08-09-2015 02:37:32 Scheduled Checkpoint

15-09-2015 22:12:32 Scheduled Checkpoint

17-09-2015 01:58:55 JRT Pre-Junkware Removal

17-09-2015 02:52:39 Restore Operation

18-09-2015 17:11:16 Norton_Power_Eraser_20150918171113795

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2015-09-18 17:11 - 00000054 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {17EAD851-BC20-414E-9F86-44C97D886D91} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2816509817-106147569-2285967997-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

Task: {20BD84AA-6DB8-484B-92A2-ABDEC81513DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

Task: {23743C39-9C8A-411F-8B6A-57D35A0F8AD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {30C4CB3C-864D-4330-AA92-652E11A00506} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)

Task: {40833A92-DCC3-4644-AB6B-C3CD8C5F74B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)

Task: {468C439E-752A-4883-B010-DBD153D62D0B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)

Task: {53DE8C68-B093-4E85-AF38-53D3D1B472C5} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)

Task: {57E9DEB0-A365-4818-B667-BCA9CFCF9CE0} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)

Task: {61E72AB1-F62C-4F93-BE27-09A71BF07EF4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-29] (Microsoft Corporation)

Task: {6AB41856-EEF3-4ACF-9D81-B6BDAED91846} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)

Task: {70AFAD68-BC0B-4BD6-AC0D-594721A95336} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)

Task: {91947324-7B48-451F-BAB2-53AC819B3CF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

Task: {99283F50-A62F-4CE6-AA28-C927D4486FCA} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

Task: {B81107DC-B34D-4CA8-A11C-A63C9974698C} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)

Task: {B93F64C9-06F0-4FCC-998E-76621AEA7ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {C3F30D05-86BC-471F-9849-5CFD5F1F1AD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {E766B6C4-AF97-4C36-8066-13C3405C7BC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)

Task: {E78D6964-29BF-4A01-9452-64C7A0837EC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {F6440898-50EE-4CE7-8D9C-680988795D46} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)

Task: {F7ABAFE5-C015-4AAA-A3C8-CAB92B965240} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-08-27 17:08 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-08-29 00:48 - 2015-08-29 00:48 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-09-17 03:54 - 2015-09-11 19:22 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libglesv2.dll

2015-09-17 03:54 - 2015-09-11 19:22 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libegl.dll

2015-09-17 03:54 - 2015-09-11 19:22 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll

2015-08-28 23:53 - 2015-08-29 00:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2015-08-28 23:55 - 2015-08-29 00:21 - 00194728 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\tayblaedwards\OneDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tayblaedwards\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{363064BA-C54C-419C-9ABB-BA98EB3A5034}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{C10E0296-38C6-4352-A3DD-8427CE1D6D4B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe

FirewallRules: [{823F2EE8-C16A-461C-9985-B0D00A07E314}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe

FirewallRules: [{E3DE924D-B1A6-41DA-9746-B130DD6C40B6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

FirewallRules: [{56783C32-E971-4D79-9140-DC108D9DE048}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe

FirewallRules: [{E0D71364-D02A-425C-87AB-571CDC330C33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe

FirewallRules: [{EF7A7E01-4649-4658-AA31-1D090D1961F7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe

FirewallRules: [{26B346E4-7B10-4278-9A5E-3BD08AD09344}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{65DB2FB4-B638-4002-93C3-29884099FE83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0996B849-A7EB-445A-856B-A46A47671753}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{50DE04A2-A737-4009-B49B-DF1BDF06B67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E7055D90-C389-48C6-8F9C-0BBCF8E758C7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{C8736D38-F32F-40A5-B5EE-2F5170933C75}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{2914FCF1-1719-41A5-AAA7-7FCFE14B18E4}] => (Allow) C:\Users\tayblaedwards\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{003A4078-72EB-404B-8A33-5E3AA3ACF3C5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{A9D0B63E-1335-46DD-9B71-B54A0AA31070}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{0468064C-C6BC-46D5-A760-F48C16F1618F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/19/2015 12:40:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2125

 

Error: (09/19/2015 12:40:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2125

 

Error: (09/19/2015 12:40:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/19/2015 12:40:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2192281

 

Error: (09/19/2015 12:40:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2192281

 

Error: (09/19/2015 12:40:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/19/2015 12:39:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2190906

 

Error: (09/19/2015 12:39:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2190906

 

Error: (09/19/2015 12:39:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/19/2015 12:39:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2189656

 

 

System errors:

=============

Error: (09/18/2015 11:17:26 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer TAMMYANDLARR-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3099AAA4-D742-420B-B5AF-485CA9479FF9}.

The master browser is stopping or an election is being forced.

 

Error: (09/18/2015 05:06:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (09/18/2015 03:31:25 PM) (Source: DCOM) (EventID: 10010) (User: TaylorPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (09/17/2015 11:14:48 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer TAMMYANDLARR-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3099AAA4-D742-420B-B5AF-485CA9479FF9}.

The master browser is stopping or an election is being forced.

 

Error: (09/17/2015 04:33:24 AM) (Source: DCOM) (EventID: 10010) (User: TaylorPC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (09/17/2015 04:32:53 AM) (Source: DCOM) (EventID: 10010) (User: TaylorPC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (09/17/2015 04:19:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Superfetch service terminated with the following error: 

%%1062

 

Error: (09/17/2015 04:12:49 AM) (Source: DCOM) (EventID: 10010) (User: TaylorPC)

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (09/17/2015 04:12:19 AM) (Source: DCOM) (EventID: 10010) (User: TaylorPC)

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (09/17/2015 04:11:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU J1800 @ 2.41GHz

Percentage of memory in use: 46%

Total physical RAM: 4007.98 MB

Available physical RAM: 2128.56 MB

Total Virtual: 5415.98 MB

Available Virtual: 2708.61 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:450.23 GB) (Free:397.86 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery Image) (Fixed) (Total:14.05 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 6091A8B0)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

[snoochieee]

I can't get the FRST.txt log to paste here without my page crashing but I got that one. I even tried copy and pasting half at a time and it would still crash every time.

[Juliet]

• If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
• In the lower left hand corner you should see a Browse button under Attach Files
• Click the Browse button and a new window will open
• Navigate to and double click on the file you want to attach
• Once the file path is entered into the box click Attach This File
• If successful, you will see the file name appear above Attach Files with a green check mark to the left
• When you are done with your message and hit Reply the file will automatically be attached to your reply

[Juliet]

Try the above and let's go ahead and use these next 2 tools.

You will probably have to disable Norton internet security to do this.

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere.
  here

Norton Internet Security 2010-2012:

Right click on the Norton icon on your Taskbar
Choose Disable Antivirus Auto-Protect
You will then be presented with a dialog asking you how long you want to disable the real-time protection.
Choose the desired time (30 minutes should be sufficient)

Reverse to re-enable.



Norton Script Blocking

Open Norton Antivirus/Norton SystemWorks/Norton Internet Security Suite.
Click on Options. If you see a menu, click on Norton Antivirus.
On your left hand side, click on Script Blocking.
On your right hand side, uncheck (untick) this box - uncheck Enable Script Blocking (recommended).
Click OK to save the settings.

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.
• -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  
  Please download Junkware Removal Tool
  or from here http://downloads.mal...es.org/file/jrt
  to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  ****
  please post
  
  AdwCleaner[CX].txt
  JRT.txt

[snoochieee]

Okay I think this is going to work attaching it like this. Now I'm going to download and run the next 2 tools you gave me.

Attached Files

•  FRST.txt   503.9KB   342 downloads

[snoochieee]

# AdwCleaner v5.008 - Logfile created 19/09/2015 at 22:11:30

# Updated 18/09/2015 by Xplode

# Database : 2015-09-17.3 [Server]

# Operating system : Windows 8.1 Connected  (x64)

# Username : tayblaedwards - TAYLORPC

# Running from : C:\Users\tayblaedwards\Desktop\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files\shopperz100920151159

[-] Folder Deleted : C:\Program Files (x86)\predm

[-] Folder Deleted : C:\Program Files (x86)\Exploremedia

[-] Folder Deleted : C:\ProgramData\MovieDeaConfig

[-] Folder Deleted : C:\ProgramData\TweakBit

[-] Folder Deleted : C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}

[-] Folder Deleted : C:\Users\tayblaedwards\AppData\Local\pokki

 

***** [ Files ] *****

 

[-] File Deleted : C:\Users\tayblaedwards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage

[-] File Deleted : C:\Users\tayblaedwards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal

[-] File Deleted : C:\Users\tayblaedwards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage

[-] File Deleted : C:\Users\tayblaedwards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Classes\pokki

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki

[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki

[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki

[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_55bc7b2e17658f5421d76b58733bc7a84776161b

[-] Key Deleted : HKCU\Software\Pokki

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

[!] Key Not Deleted : [x64] HKCU\Software\Pokki

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2444 bytes] ##########

 

[snoochieee]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.2 (09.14.2015:1)

OS: Windows 8.1 Connected x64

Ran by tayblaedwards on Sat 09/19/2015 at 22:20:08.44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{053FF565-8C19-45F0-94A1-2C673CE28781}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{053FF565-8C19-45F0-94A1-2C673CE28781}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Users\tayblaedwards\Appdata\LocalLow\company

 

 

 

~~~ Chrome

 

 

[C:\Users\tayblaedwards\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\tayblaedwards\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\tayblaedwards\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\tayblaedwards\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 09/19/2015 at 22:25:26.64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Juliet]

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




 

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
HKU\S-1-5-21-2816509817-106147569-2285967997-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKU\S-1-5-21-2816509817-106147569-2285967997-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816509817-106147569-2285967997-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
2015-09-15 19:32 - 2015-09-16 04:28 - 00000000 ____D C:\Program Files\shopperz100920151159
2015-08-26 20:12 - 2015-08-28 23:53 - 00000000 ____D C:\Users\tayblaedwards\AppData\Local\Pokki
C:\Users\tayblaedwards\AppData\Local\Temp\McCSPInstall.dll
C:\Users\tayblaedwards\AppData\Local\Temp\mccspuninstall.exe
C:\Users\tayblaedwards\AppData\Local\Temp\oct8ADB.tmp.exe
C:\Users\tayblaedwards\AppData\Local\Temp\pc-cleaner-setup.exe
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After running the above script, post the log it creates and tell me how the computer is now.

[snoochieee]

I think that worked! I've been browsing around my every day sites for a few minutes just to see if any ads popped up or if the bar ads were still there and I haven't seen anything that I would have yesterday. I think we fixed it!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015

Ran by tayblaedwards (2015-09-20 22:18:17) Run:1

Running from C:\Users\tayblaedwards\Desktop

Loaded Profiles: tayblaedwards (Available Profiles: tayblaedwards)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome

SearchScopes: HKU\S-1-5-21-2816509817-106147569-2285967997-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2816509817-106147569-2285967997-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

2015-09-15 19:32 - 2015-09-16 04:28 - 00000000 ____D C:\Program Files\shopperz100920151159

2015-08-26 20:12 - 2015-08-28 23:53 - 00000000 ____D C:\Users\tayblaedwards\AppData\Local\Pokki

C:\Users\tayblaedwards\AppData\Local\Temp\McCSPInstall.dll

C:\Users\tayblaedwards\AppData\Local\Temp\mccspuninstall.exe

C:\Users\tayblaedwards\AppData\Local\Temp\oct8ADB.tmp.exe

C:\Users\tayblaedwards\AppData\Local\Temp\pc-cleaner-setup.exe

EmptyTemp:

Hosts:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value not found.

C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe => moved successfully

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully

HKU\S-1-5-21-2816509817-106147569-2285967997-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKU\S-1-5-21-2816509817-106147569-2285967997-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

"C:\Program Files\shopperz100920151159" => File/Folder not found.

"C:\Users\tayblaedwards\AppData\Local\Pokki" => File/Folder not found.

C:\Users\tayblaedwards\AppData\Local\Temp\McCSPInstall.dll => moved successfully

C:\Users\tayblaedwards\AppData\Local\Temp\mccspuninstall.exe => moved successfully

C:\Users\tayblaedwards\AppData\Local\Temp\oct8ADB.tmp.exe => moved successfully

C:\Users\tayblaedwards\AppData\Local\Temp\pc-cleaner-setup.exe => moved successfully

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

EmptyTemp: => 1 GB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 22:19:56 ====

[Juliet]

Good deal

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Advanced settings. Place a checkmark next to:
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Ensure Remove found threats is unchecked.
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click . If no threats were found, skip the next two bullet points.
• Click and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to and click .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

[Juliet]

Still need help?

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.