Tweet
deleted
-
-
I see you have a lot of PUPs and redirects. ZHP removed a lot, but security is our utmost priority here. To verify you are indeed clear of these before proceeding, please do the following
Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.
Once downloaded to the desktop AdwCleaner will create an icon https://www.pchelpforum.net/attachme...160702-jpg.117
Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.
Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.
AdwCleaner will open, click the scan button to start searching.
https://www.pchelpforum.net/attachme...w-scan-jpg.118
The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the “Cleaning” button.
https://www.pchelpforum.net/attachme...wclean-jpg.120
After a few seconds a message should tell you your computer will now reboot. Allow the reboot.
When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[s#].txt
https://www.pchelpforum.net/attachme...162447-jpg.119
Please Copy and Paste the contents of the log file with your next reply.Comment
-
OK, lets go ahead and run a fix with FRST. Then run adware cleaner as suggested by Jmarket, and remove some trash programs from your computer.
Remove the items from your machine with Geek Uninstaller.
Ask Toolbar (HKLM-x32...{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Bing Bar /B (Version: 7.3.132.0 - Microsoft Corporation)
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Java 8 Update 71 /B (Version: 8.0.710.15 - Oracle Corporation)
Yahoo Search Set (HKLM-x32...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.Comment
-
AdwCleaner log…
[HEADING=1]AdwCleaner v6.020 - Logfile created 21/09/2016 at 22:00:49[/HEADING]
[HEADING=1]Updated on 14/09/2016 by ToolsLib[/HEADING]
[HEADING=1]Database : 2016-09-21.1 [Server][/HEADING]
[HEADING=1]Operating System : Windows 7 Enterprise (X64)[/HEADING]
[HEADING=1]Username : vieraidx - 9SQ6GV1[/HEADING]
[HEADING=1]Running from : C:\Users\vieraidx\Desktop\adwcleaner_6.020.exe[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]Support : Forum: Ask for help or share your experience. - ToolsLib[/HEADING]
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\L ocal\YSearchUtil
***** [ Files ] *****
[-] File deleted: C:\Users\Administrator\AppData\Local\Google\Chrome \User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.local storage
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
[-] Shortcut disinfected: C:\Users\Administrator\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (5).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (6).lnk
[-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\I nternet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKU.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\windows_ie_ac_001\Software_C rossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\windows_ie_ac_001\Software_C rossriderRegNamePlaceHolder_
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F9281 23A039649549966D4C29D35B1C9
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB58 57A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F9281 23A039649549966d4C29D35B1C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F9281 23A039649549966D4C29D35B1C9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB58 57A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F9281 23A039649549966d4C29D35B1C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UpgradeCodes\F928123A039649549966D4C29D35B1 C9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UpgradeCodes\7AB5857A57A0687786597A857BFFFF FF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UpgradeCodes\F928123A039649549966d4C29D35B1 C9
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [ Web browsers ] *****
[-] [C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\vieraidx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome \User Data\Default\Web data] [Search Provider] Deleted: isearch.avg.com
:: “Tracing” keys deleted
:: Winsock settings cleared
C:\AdwCleaner\AdwCleaner[C0].txt - [8865 Bytes] - [21/09/2016 22:00:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [9901 Bytes] - [21/09/2016 21:59:45]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9011 Bytes] ##########Comment
-
Beautiful I knew you had some remaining traces left. Now run Malnutrition’s scan and fix in this post.Comment
-
Didn’t realize Malnutrition had posted before I did the adware cleaner. So, I need to do the FRST fix now? What about the Greek unistaller? Do that before, after, or not at all?Comment
-
Run Geek Uninstaller first, then run the FRST fix. I’ll copy and paste the content below, and just follow it (y)Originally posted by BJanson
Remove the items from your machine with Geek Uninstaller.
Ask Toolbar (HKLM-x32...{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Bing Bar /B (Version: 7.3.132.0 - Microsoft Corporation)
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Java 8 Update 71 /B (Version: 8.0.710.15 - Oracle Corporation)
Yahoo Search Set (HKLM-x32...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.Comment
-
Fixlog.txg…
[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by vieraidx (21-09-2016 22:44:11) Run:1
Running from C:\Users\vieraidx\Desktop
Loaded Profiles: vieraidx & UpdatusUser (Available Profiles: vieraidx & UpdatusUser & Administrator)
Boot Mode: Normal[/HEADING]
fixlist content:
start
CreateRestorePoint:
CloseProcesses::
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
HKLM-x32...\Run: =>
HKLM-x32...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32*.exe <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [39408 2013-05-18] (Google Inc.)
HKU\S-1-5-21-997763345-3520757737-165814833-1000...\MountPoints2: {37949b7a-3ac1-11e0-bfec-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18...\RunOnce: [Del477648494] => cmd.exe /Q /D /c del “C:\Windows\TEMP\0.del” <===== ATTENTION
HKU\S-1-5-18...\RunOnce: [Del47943210] => cmd.exe /Q /D /c del “C:\Windows\TEMP\0.del” <===== ATTENTION
HKU\S-1-5-18...\RunOnce: [Del134344114] => cmd.exe /Q /D /c del “C:\Windows\TEMP\0.del” <===== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448 2009-07-13] (Microsoft Corporation) ATTENTION: LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000 2009-07-13] (Microsoft Corporation) ATTENTION: LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}: [DhcpNameServer] 10.5.28.201 10.5.28.202 10.7.28.201 10.7.28.202
Tcpip..\Interfaces{9A870231-2AC3-4FC0-9E13-426C8A212208}: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{E0BD89A2-0196-4F2C-8582-698D606FB76F}: [DhcpNameServer] 192.168.1.1
ManualProxies:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://intranet/WinExchange/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet/WinExchange/
SearchScopes: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper → {AA58ED58-01DD-4d91-8333-CF10577473F7} → C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Bing Bar Helper → {d2ce3e00-f94a-4740-988e-03dc2f38c34f} → C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
BHO-x32: Google Toolbar Helper → {AA58ED58-01DD-4d91-8333-CF10577473F7} → C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Bing Bar Helper → {d2ce3e00-f94a-4740-988e-03dc2f38c34f} → C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM {82DBCFDB-5658-4CFB-B32B-0828247043C0} hxxp://pdmpd.weatherford.com/Windchill/wtcore/jsp/wvs/download/x86e_win64_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {58B355C1-AB1C-4E66-BCB7-FA1E41E4D9EB} hxxp://515opwebcapture/ecNet/ecNetClient.CAB
DPF: HKLM-x32 {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} hxxp://reports.asme.org/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://us.myweatherford.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} hxxp://pdmpd.weatherford.com/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM-x32...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
CHR HKLM-x32...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; ??\C:\ComboFix\catchme.sys
S3 dbx; system32\DRIVERS\dbx.sys
S3 dcdbas; system32\DRIVERS\dcdbas64.sys
S1 hzbfcuob; ??\C:\Windows\system32\drivers\hzbfcuob.sys
S1 scyiuwuw; ??\C:\Windows\system32\drivers\scyiuwuw.sys
C:\Windows\system32\drivers\scyiuwuw.sys
C:\Windows\system32\drivers\hzbfcuob.sys
C:\Users\vieraidx\AppData\LocalLow\AskToolbar
C:\Program Files (x86)\Ask.com
1999-10-30 22:54 - 2012-08-28 02:34 - 0561152 _____ (Joshua F. Madison) C:\Program Files\Convert.exe
1999-10-29 20:55 - 2012-08-28 02:34 - 0000616 _____ () C:\Program Files\readme.txt
2013-09-20 08:02 - 2013-09-20 08:02 - 0038479 _____ () C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-09-20 08:03 - 2014-04-15 13:37 - 0009369 _____ () C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).EML
2013-10-21 11:46 - 2014-11-12 09:08 - 0000670 _____ () C:\Users\vieraidx\AppData\Local\FlownexFiles.ini
2008-04-28 13:21 - 2008-04-28 13:21 - 0003120 _____ () C:\Users\vieraidx\AppData\Local\Pumpflo_100.dat
2012-08-06 10:53 - 2010-03-24 17:46 - 0000017 _____ () C:\Users\vieraidx\AppData\Local\resmon.resmoncfg
2015-02-10 06:18 - 2015-02-10 06:18 - 0000000 _____ () C:\Users\vieraidx\AppData\Local{103B46B2-6340-4BE1-AE64-BC12338574D5}
2015-10-10 10:18 - 2015-10-10 10:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-08-03 09:31 - 2012-08-03 09:31 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc
Task: {06EBCAE2-4916-4E40-B8AB-B4D03AAADADE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1F497ED0-E67B-4BA5-9946-8FA28EFE8CB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B234C788-DE2B-4B45-87F4-6A4165D43EB7} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {B95EE88F-5B05-4699-B67D-D0B06D03DA61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {DB0FCB04-F09A-4ADC-98EC-2ECE73FB8CDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
ShortcutWithArgument: C:\Users\vieraidx\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\User Pinned\TaskBar\chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → "
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → "
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
RemoveProxy:
Emptytemp:
reboot:
end
Restore point was successfully created.
Processes closed successfully.
“C:\Program Files (x86)\Ask.com\Updater\Updater.exe” => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\ApnUpdater => value not found.
HKLM Group Policy restriction on software: %APPDATA%\ii*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION => restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32*.exe <====== ATTENTION => restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Windows\CurrentVersion\ Run\swg => value not found.
HKU\S-1-5-21-997763345-3520757737-165814833-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{37949b7a-3ac1-11e0-bfec-806e6f6e6963} => key not found.
HKCR\CLSID{37949b7a-3ac1-11e0-bfec-806e6f6e6963} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOn ce\Del477648494 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOn ce\Del47943210 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOn ce\Del134344114 => value removed successfully
Winsock: Catalog5 000000000001\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{8B82C5EB-B47B-4175-90AD-AD8B71B8FB01}\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{9A870231-2AC3-4FC0-9E13-426C8A212208}\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{E0BD89A2-0196-4F2C-8582-698D606FB76F}\DhcpNameServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies\ => value removed successfully
“HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer” => key removed successfully
“HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Policies\Microsoft\Internet Explorer” => key removed successfully
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page => value removed successfully
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page => value removed successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main\Search Page => value restored successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main\Start Page => Error setting value.
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main\Start Page Redirect Cache => value not found.
HKU\S-1-5-21-997763345-3520757737-165814833-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => Error setting value.
“HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => key removed successfully
HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKCR\CLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKCR\CLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKCR\Wow6432Node\CLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKCR\Wow6432Node\CLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} => value not found.
HKCR\CLSID{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} => value not found.
HKCR\Wow6432Node\CLSID{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\Wow6432Node\CLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
“HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{82DBCFDB-5658-4CFB-B32B-0828247043C0}” => key removed successfully
“HKCR\CLSID{82DBCFDB-5658-4CFB-B32B-0828247043C0}” => key removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{58B355C1-AB1C-4E66-BCB7-FA1E41E4D9EB}” => key removed successfully
“HKCR\Wow6432Node\CLSID{58B355C1-AB1C-4E66-BCB7-FA1E41E4D9EB}” => key removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{A1B8A30B-8AAA-4A3E-8869-1DA509E8A011}” => key removed successfully
“HKCR\Wow6432Node\CLSID{A1B8A30B-8AAA-4A3E-8869-1DA509E8A011}” => key removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{D27CDB6E-AE6D-11CF-96B8-444553540000}” => key removed successfully
“HKCR\Wow6432Node\CLSID{D27CDB6E-AE6D-11CF-96B8-444553540000}” => key removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{F27237D7-93C8-44C2-AC6E-D6057B9A918F}” => key removed successfully
“HKCR\Wow6432Node\CLSID{F27237D7-93C8-44C2-AC6E-D6057B9A918F}” => key removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{F694EA1F-2EC1-445D-8988-1862AD0CC4C8}” => key removed successfully
“HKCR\Wow6432Node\CLSID{F694EA1F-2EC1-445D-8988-1862AD0CC4C8}” => key removed successfully
“HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
“HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensio ns\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value not found.
“HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extension s\nogdfjjfhknacchjpiccacoimeelkajb” => key removed successfully
catchme => service removed successfully
dbx => service removed successfully
dcdbas => service removed successfully
hzbfcuob => service removed successfully
scyiuwuw => service removed successfully
“C:\Windows\system32\drivers\scyiuwuw.sys” => not found.
“C:\Windows\system32\drivers\hzbfcuob.sys” => not found.
“C:\Users\vieraidx\AppData\LocalLow\AskToolbar” => not found.
“C:\Program Files (x86)\Ask.com” => not found.
C:\Program Files\Convert.exe => moved successfully
C:\Program Files\readme.txt => moved successfully
C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).ADR => moved successfully
C:\Users\vieraidx\AppData\Roaming\Comma Separated Values (Windows).EML => moved successfully
C:\Users\vieraidx\AppData\Local\FlownexFiles.ini => moved successfully
C:\Users\vieraidx\AppData\Local\Pumpflo_100.dat => moved successfully
C:\Users\vieraidx\AppData\Local\resmon.resmoncfg => moved successfully
“C:\Users\vieraidx\AppData\Local{103B46B2-6340-4BE1-AE64-BC12338574D5}” => not found.
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{06EBCAE 2-4916-4E40-B8AB-B4D03AAADADE}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{06EBCAE 2-4916-4E40-B8AB-B4D03AAADADE}” => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1F497ED 0-E67B-4BA5-9946-8FA28EFE8CB4}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1F497ED 0-E67B-4BA5-9946-8FA28EFE8CB4}” => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B234C78 8-DE2B-4B45-87F4-6A4165D43EB7}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B234C78 8-DE2B-4B45-87F4-6A4165D43EB7}” => key removed successfully
C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 4500 series => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustPa rticipation HP ENVY 4500 series” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{B95EE88 F-5B05-4699-B67D-D0B06D03DA61}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B95EE88 F-5B05-4699-B67D-D0B06D03DA61}” => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DB0FCB0 4-F09A-4ADC-98EC-2ECE73FB8CDC}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DB0FCB0 4-F09A-4ADC-98EC-2ECE73FB8CDC}” => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater” => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Users\vieraidx\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\User Pinned\TaskBar\chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /release =========
Windows IP Configuration
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
Ethernet adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wft.root.loc
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3811:920f:9492:88d9%11
Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{E0BD89A2-0196-4F2C-8582-698D606FB76F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
========= End of CMD: =========
========= ipconfig /renew =========
Windows IP Configuration
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
Ethernet adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wft.root.loc
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3811:920f:9492:88d9%11
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{E0BD89A2-0196-4F2C-8582-698D606FB76F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
There’s no user specified settings to be reset.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= RemoveProxy: =========
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Microsoft\Windows\CurrentVersion\ Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1213323324-3724858365-2759078338-2026190\SOFTWARE\Microsoft\Windows\CurrentVersion\ Internet Settings\Connections\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24727061 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 94788 B
Edge => 0 B
Chrome => 502100575 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 5662905 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66116 B
systemprofile32 => 17061739 B
LocalService => 33125 B
NetworkService => 39914 B
vieraidx => 69015111 B
UpdatusUser => 5662905 B
Administrator => 5762872 B
RecycleBin => 41101707 B
EmptyTemp: => 648.2 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:45:16 ====Comment
-
OK. Go ahead and run Geek Uninstaller and remove the following entries:
Ask Toolbar
Ask Toolbar Updater
Bing Bar
Google Toolbar for Internet Explorer
Java 8 Update 71
Yahoo Search Set
These are junk and need to be removed.
After doing so, run AdwCleaner once more to ensure that all PUPs are removed and post the logComment
-
I’ll try again - last time the ask an yahoo related ones didn’t show up.Comment
-
None show up this time. I previously uninstalled bing, google, and java. The ask and yahoo didn’t show.Comment
-
OK. Go ahead and run AdwCleaner once more and post its log.Comment
-
Found no threat. Here’s the log (won’t paste for some reason)…Comment
-
Awesome Are you still experiencing popups and redirects?Comment
-
No, those stopped after the first day of fixes. Thanks for all your help jmarket and Malnutrition!!Originally posted by jmarketComment
Comment