Broadcaster Channel pop-ups

**Malnutrition** · 02-22-2017, 08:09 AM

You can also see these links for help.

http://www.cod.edu/people/faculty/grantm/dsktopsave.htm

http://solutionfile.trendmicro.com/solutionfile/Titanium3/desktopv7.html

If you run into this error.

[ATTACH]1614[/ATTACH]

You may have more than one fixlist on your machine and you have something like [MEDIA=imgur]tnJwSXW[/MEDIA].

In this case, you will want to right click on the file and and select rename.

Then delete the (2) so that it only says fixlist. Like so… [ATTACH]1615[/ATTACH]

Then you can right click on FRST and click the fix button.

**Isorene** · 02-22-2017, 09:11 AM

I am sorry to be this dumb pertaining to computers, but I did put FRST and the other one on desktop with Everything but when I right clicked, did not show run as adm option so I clicked open but then it shows 3 files, don’t know what to do.

**Malnutrition** · 02-22-2017, 09:14 AM

Ok, lets do this.

Right click FRST and select properties.
Then Compatibility tab
Then run this program as admin.
Click Apply then OK.

[ATTACH]1616[/ATTACH]

Now double click FRST and push the fix button.

**Isorene** · 02-22-2017, 09:31 AM

This is what I get when clicked on properties.[ATTACH]1617[/ATTACH]

**Malnutrition** · 02-22-2017, 01:11 PM

Ok, you have clicked on a folder.
Delete your copy of FRST
Download a fresh copy from the link below.

Please download the FRST 32 bit Save it to your desktop.
Right click run as admin.

You already have the fixlist on your deskop so that is good.

[ATTACH]1618[/ATTACH]

**Malnutrition** · 02-22-2017, 06:20 PM

Change the download folder setting in the default Browser only, so all tools we may use are saved to the Desktop:
https://dl.dropboxusercontent.com/u/...ons/Chrome.JPG Google Chrome - Click the “Customize and control Google Chrome” button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/...e/Settings.JPG
Choose Settings. at the bottom of the screen click the
“Show advanced settings…” link. Scroll down to find the Downloads section and click the Change… button. Select your desktop and click OK.

https://dl.dropboxusercontent.com/u/...ns/Firefox.JPG Mozilla Firefox - Click the “Open Menu” button in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/...x/Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the “Select Folder” button. Click OK to get out of the Options menu.

https://dl.dropboxusercontent.com/u/...o/Icons/IE.jpg Internet Explorer - Click the Tools menu in the upper right-corner of the browser. https://dl.dropboxusercontent.com/u/...o/IE/Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

http://i121.photobucket.com/albums/o...edge.pngChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on “Downloads” folder and select “Properties”

In the new window select “Location” tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select “Apply” then “OK”

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location…

**Isorene** · 02-22-2017, 06:41 PM

I did the this last thing you asked, and here is the log of the FRST thingy.

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-02-2017

[/quote]

Ran by sandra123 (22-02-2017 18:21:10) Run:1
Running from C:\Users\sandra123\Desktop
Loaded Profiles: sandra123 (Available Profiles: sandra123)
Boot Mode: Normal

==============================================

fixlist content:

Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
C:\Program Files\NetRatingsNetSight
C:\Program Files\GfK Internet-Monitor
C:\Program Files\SUPERAntiSpyware
HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-08] (SUPERAntiSpyware)
HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [880920 2016-12-26] (www.privacyroot.com)
HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [GoogleChromeAutoLaunch_72A44A76D81B451D279602D7456 7B17A] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
Startup: C:\Users\sandra123\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2016-12-04]
ShortcutTarget: Wipe Tray Agent.lnk → C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip..\Interfaces{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: GfK Internet-Monitor → {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} → C:\Program Files\GfK Internet-Monitor\Gacela2.dll [2016-02-01] (GfK)
BHO: Skype Click to Call for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FF Extension: (GfK Internet) - C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi [2017-02-21]
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR Extension: (VouchShare - UK Voucher Codes) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bghnjgpffphlfnbdgcpgbnbkib ekpcak [2016-05-07]
CHR Extension: (Yahoo Partner) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bjicifbhnpakmaekfnphojjehh nifkmc [2017-01-18]
CHR Extension: (YouTube) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-30]
CHR Extension: (Quidco Cashback Reminder) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhp dajcog [2016-05-20]
CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ggfendnnkdmkiegggcbdpcmpfi incaap [2016-02-26]
CHR Extension: (B.S. Detector) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\dlcgkekjiopopabcifhebmphmfmdbjod [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-01]
CHR Extension: (¿Qué cocino hoy?) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh [2016-11-09]
CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap [2016-09-14]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2016-11-09]
CHR Extension: (Yahoo Homepage) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2017-01-15]
CHR Extension: (Until AM Web App) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-11-09]
CHR Extension: (Webcam Toy) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-11-09]
CHR Extension: (Writer) - C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2016-11-09]
CHR HKLM...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
R2 GfK-Reporting-Service; C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe [1940032 2016-02-01] ()
R2 GfK-Update-Service; C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe [1475776 2015-08-24] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2017-02-20 20:25 - 2017-02-20 20:25 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\sandra123\Downloads\SpyHunter-Installer.exe
C:\Program Files\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1
C:\Program Files\SUPERAntiSpyware
C:\Windows\system32\MRT
C:\Users\sandra123\AppData\Local\Temp
Task: {49598F83-B7CC-46EE-AC5A-F8A3DE4A93D7} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E3259ED-2FF0-440C-AE2C-1C569025C142} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E497CDA-EC10-4910-BD6E-C777866B92B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {94CA72AF-2908-44E9-94F0-9A5D28EF121E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {9A9B17DF-019E-456A-84FB-CDE223E0B834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2016-09-22] (Adobe Systems Incorporated)
Task: {B7417245-362F-457F-B8C7-CFD59449A97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {DBB78481-F438-4F2D-B671-960ECD61F7BD} - System32\Tasks{A197349C-5621-4226-9241-BB23616C7666} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
C:\Windows\Tasks\Adobe Flash Player Updater.job
ShortcutWithArgument: C:\Users\sandra123\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Googl e Chrome.lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 1”
C:\Windows\system32\Drivers\etc\hosts
hosts:
C:\users\sandra123\appdata\roaming\bittorrent
C:\Program Files\360
C:\Windows\system32\drivers\qutmipc.sys
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [64872 2016-06-03] (360.cn)
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
End

Restore point was successfully created.
Processes closed successfully.
“C:\Program Files\NetRatingsNetSight” => not found.
C:\Program Files\GfK Internet-Monitor => moved successfully
C:\Program Files\SUPERAntiSpyware => moved successfully
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Windows\CurrentVersion\Run \SUPERAntiSpyware => value removed successfully.
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Windows\CurrentVersion\Run \Wipe Maintance => value removed successfully.
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Windows\CurrentVersion\Run \GoogleChromeAutoLaunch_72A44A76D81B451D279602D745 67B17A => value removed successfully.
C:\Users\sandra123\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup\Wipe Tray Agent.lnk => moved successfully
C:\Program Files\Wipe\Wipe.exe => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}\DhcpNameServer => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL => value restored successfully
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key removed successfully.
HKCR\CLSID{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKU\S-1-5-21-109433473-37108459-277044693-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully.
HKU\S-1-5-21-109433473-37108459-277044693-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key removed successfully.
HKCR\CLSID{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key removed successfully.
HKCR\CLSID{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{4BEEA052-726D-4A6E-B65D-A6BD07C263F3} => key removed successfully.
HKCR\CLSID{4BEEA052-726D-4A6E-B65D-A6BD07C263F3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key removed successfully.
HKCR\CLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully.
HKCR\CLSID{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\PROTOCOLS\Handler\osf => key not found.
HKCR\CLSID{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
HKCR\PROTOCOLS\Handler\skypec2c => key not found.
HKCR\CLSID{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi => not found.
HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully.
C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully.
“C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll” => not found.
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bghnjgpffphlfnbdgcpgbnbkib ekpcak => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bjicifbhnpakmaekfnphojjehh nifkmc => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhp dajcog => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ggfendnnkdmkiegggcbdpcmpfi incaap => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\dlcgkekjiopopabcifhebmphmfmdbjod => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade => moved successfully
C:\Users\sandra123\AppData\Local\Google\Chrome\Use r Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnn ibpcajpcglclefindmkaj => key removed successfully.
!SASCORE => Service stopped successfully.
HKLM\System\CurrentControlSet\Services!SASCORE => key removed successfully.
!SASCORE => service removed successfully.
HKLM\System\CurrentControlSet\Services\GfK-Reporting-Service => key removed successfully.
GfK-Reporting-Service => service removed successfully.
HKLM\System\CurrentControlSet\Services\GfK-Update-Service => key removed successfully.
GfK-Update-Service => service removed successfully.
SASDIFSV => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SASDIFSV => key removed successfully.
SASDIFSV => service removed successfully.
SASKUTIL => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SASKUTIL => key removed successfully.
SASKUTIL => service removed successfully.
C:\Users\sandra123\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Program Files\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1 => moved successfully
“C:\Program Files\SUPERAntiSpyware” => not found.
C:\Windows\system32\MRT => moved successfully

“C:\Users\sandra123\AppData\Local\Temp” folder move:

Could not move “C:\Users\sandra123\AppData\Local\Temp” => Scheduled to move on reboot.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{49598F8 3-B7CC-46EE-AC5A-F8A3DE4A93D7} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{49598F8 3-B7CC-46EE-AC5A-F8A3DE4A93D7} => key removed successfully.
C:\Windows\System32\Tasks\googleupdatetaskmachineu a => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\googleup datetaskmachineua => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{6E3259E D-2FF0-440C-AE2C-1C569025C142} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6E3259E D-2FF0-440C-AE2C-1C569025C142} => key removed successfully.
C:\Windows\System32\Tasks\googleupdatetaskmachinec ore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\googleup datetaskmachinecore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{6E497CD A-EC10-4910-BD6E-C777866B92B3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6E497CD A-EC10-4910-BD6E-C777866B92B3} => key removed successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdat e => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\Ap pleSoftwareUpdate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{94CA72A F-2908-44E9-94F0-9A5D28EF121E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{94CA72A F-2908-44E9-94F0-9A5D28EF121E} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\ EOSNotify => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\EOSNotify => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9A9B17D F-019E-456A-84FB-CDE223E0B834} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9A9B17D F-019E-456A-84FB-CDE223E0B834} => key removed successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{B741724 5-362F-457F-B8C7-CFD59449A97C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B741724 5-362F-457F-B8C7-CFD59449A97C} => key removed successfully.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DBB7848 1-F438-4F2D-B671-960ECD61F7BD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DBB7848 1-F438-4F2D-B671-960ECD61F7BD} => key removed successfully.
C:\Windows\System32\Tasks{A197349C-5621-4226-9241-BB23616C7666} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{A197349C-5621-4226-9241-BB23616C7666} => key removed successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Users\sandra123\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Googl e Chrome.lnk => Shortcut argument removed successfully..
C:\Windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
“C:\users\sandra123\appdata\roaming\bittorrent” => not found.
C:\Program Files\360 => moved successfully
C:\Windows\system32\drivers\qutmipc.sys => moved successfully
HKLM\System\CurrentControlSet\Services\qutmipc => key removed successfully.
qutmipc => service removed successfully.

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-109433473-37108459-277044693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-109433473-37108459-277044693-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state On =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22139447 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 7845824 B
Edge => 0 B
Chrome => 809534044 B
Firefox => 19513065 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 56039583 B
Public => 0 B
systemprofile => 514296 B
LocalService => 10492864 B
NetworkService => 0 B
sandra123 => 383866824 B

RecycleBin => 87624154 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-02-2017 18:34:19)

“C:\Users\sandra123\AppData\Local\Temp” => Could not move

==== End of Fixlog 18:34:22 ====

**Malnutrition** · 02-22-2017, 06:47 PM

Ok, now how is your machine? What issues remain?

**Isorene** · 02-22-2017, 06:53 PM

Well, to know for sure I would have to wait and see, because the Broadcaster Channel pop-up appeared randomly on a daily basis. At the moment it looks good and it is loading faster, that’s for sure! Thank you very much, in special for your patience, and I guess if anything goes wrong again, we’ll talk again,

**Malnutrition** · 02-22-2017, 06:57 PM

Alright, I will mark this one as solved but leave it open for a couple of days just come back and let us know.

Glad to have helped!! Please tell a friend … or two about us. https://forum.windowsinstructed.com/...cons/smile.png

Optimize your internet connection.

Click here for instructions.

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet.

VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.

Now Lets Clean up the tools we used and remove old restore points.

Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

**Isorene** · 02-22-2017, 08:12 PM

Done! Thanks again, and let’s hope you don’t see me here again!

**Isorene** · 02-24-2017, 09:47 AM

Hi, well the laptop has been better, but just now I was online and suddenly, my page closed and I got the pop-up.
[ATTACH]1672[/ATTACH]

**Malnutrition** · 02-24-2017, 10:25 AM

Clean up temp files and reduce startup load with CCleaner.

Note: This tool will clean your browsing history as well.
[ul]
[li]Download CCleaner from here.[/li][li]After install Click Options.[/li][li]Go to monitoring.[/li][li]Uncheck All Monitoring items.[/li][li]Go to advanced – Click close program after cleaning.[/li][li]Go to settings – click run ccleaner when the computer starts.[/li][li]Now that you have ccleaner installed and set-up:[/li][li]Open the program.[/li][li]Go to Tools[/li][li]Go to Startup[/li][li]Now double click each item. To Disable.[/li][li]Leave only your antivirus enabled.[/li][li]Then disable All items in your scheduled task as well.[/li][li]Unless they are related to windows defender.Or your antivirus.[/li][li]Reboot the machine.[/li][/ul]

Rogue Killer Scan.

Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

Link 1
Link 2

[ul]
[li]Close all other the running programs[/li][li]Disable ALL Antivirus – Antimalware – Applications.[/li][li]Right Click Rogue Killer and Run as Administrator.[/li][li]Click the Start Scan button.[/li][li]Allow the scan to run – it can take ten minutes or more.[/li][li]Once the scan is complete check All items for removal.[/li][li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
[li]After All items are checked then press Remove Selected.[/li]
[li]Wait until the Status box shows Deleting Finished.[/li][li]Click on open report – then open txt[/li]
[li]Copy the content of the report and paste it here in your next reply.[/li][/ul]

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

[ul]
[li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][li]The tool will open and start scanning your system.[/li][li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][li]On completion, a log is saved to your desktop and will automatically open.[/li][li]Please post the JRT log.[/li][/ul]
Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

[ul]
[li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

**Isorene** · 02-24-2017, 01:54 PM

RogueKiller V12.9.8.0 [Feb 21 2017] (Free) by Adlice Software

[/quote]

mail : Support Form | Contact • Adlice Software
Feedback : http://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 32 bits version
Started in : Normal mode
User : sandra123 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete – Date : 02/24/2017 13:08:33 (Duration : 00:35:37)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} → Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} → Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [ http://www.google.com/||https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&.done=https://mg.mail.yahoo.com/neo/relogin? ] → Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT020-9YG142 +++++
— User —
[MBR] 1628ce3f012a7dd033869088c109c970
[BSP] 7615f531c91b1e9ebe7e6e1125bb960d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 12442 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25563136 | Size: 292762 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 … OK
User = LL2 … OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

**Isorene** · 02-24-2017, 02:14 PM

Junkware Removal Tool (JRT) by Malwarebytes

[/quote]

Version: 8.1.0 (12.05.2016)
Operating System: Windows 8 Pro x86
Ran by sandra123 (Administrator) on 24/02/2017 at 14:09:17.96

Code:



File System: 10

Successfully deleted: C:\ProgramData\1468602465.bdinstall.bin (File)
Successfully deleted: C:\Users\sandra123\AppData\Roaming\imvuclient (Folder)
Successfully deleted: C:\Users\sandra123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0X6XTS58 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sandra123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FMB80Q6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sandra123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMA8YCZ0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\sandra123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFVC18EV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0X6XTS58 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FMB80Q6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMA8YCZ0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFVC18EV (Temporary Internet Files Folder)

Deleted the following from C:\Users\sandra123\AppData\Roaming\Mozilla\Firefox\Profiles\4p6mfa8j.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_72A44A76D81B451D279602D74567B17A (Registry Value)

Scan was completed on 24/02/2017 at 14:11:54.55
End of JRT log

Broadcaster Channel pop-ups

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment