Laflurla adware not yielding to Spybot



Brucezibung
2014-11-13, 20:09
The txt file is listed below:
aswMBR version 1.0.1.2201 Copyright(c) 2014 AVAST Software
Run date: 2014-11-12 22:37:00
-----------------------------
22:37:00.997 OS Version: Windows x64 6.1.7601 Service Pack 1
22:37:00.997 Number of processors: 4 586 0x2505
22:37:00.997 ComputerName: DEBORAH-PC UserName: Bruce
22:37:02.447 Initialize success
22:37:02.744 VM: initialized successfully
22:37:02.744 VM: Intel CPU supported
22:37:16.120 VM: not used
22:37:42.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:42.361 Disk 0 Vendor: TOSHIBA_ GH01 Size: 305245MB BusType: 3
22:37:42.501 Disk 0 MBR read successfully
22:37:42.501 Disk 0 MBR scan
22:37:42.501 Disk 0 Windows VISTA default MBR code
22:37:42.517 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:37:42.517 Disk 0 default boot code
22:37:42.548 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294480 MB offset 3074048
22:37:42.564 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9264 MB offset 606169088
22:37:42.704 Disk 0 scanning C:\windows\system32\drivers
22:37:50.395 Service scanning
22:37:54.389 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20141107.001_cbf\BHDrvx64.sys **LOCKED** 5
22:37:55.715 Service ccSet_NIS C:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys **LOCKED** 5
22:38:03.484 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20141112.001\IDSvia64.sys **LOCKED** 5
22:38:09.802 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\ENG64.SYS **LOCKED** 5
22:38:10.004 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\EX64.SYS **LOCKED** 5
22:38:19.583 Service SRTSPX C:\windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS **LOCKED** 5
22:38:20.690 Service SymDS C:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS **LOCKED** 5
22:38:20.987 Service SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:38:21.143 Service SymIRON C:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS **LOCKED** 5
22:38:21.299 Service SymNetS C:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS **LOCKED** 5
22:38:30.175 Modules scanning
22:38:30.191 Disk 0 trace - called modules:
22:38:30.284 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:38:30.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033bf060]
22:38:30.300 3 CLASSPNP.SYS[fffff8800119543f] -> nt!IofCallDriver -> [0xfffffa800313b310]
22:38:30.316 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003141050]
22:38:30.331 Disk 0 statistics 90788/0/0 @ 5.96 MB/s
22:38:30.331 Scan finished successfully
22:39:22.966 Disk 0 MBR has been saved successfully to "C:\Users\Bruce\Documents\computer repair\MBR.dat"
22:39:22.966 The log file has been saved successfully to "C:\Users\Bruce\Documents\computer repair\aswMBR.txt"

Additionally, Farbar is being blocked by Norton Internet Security

Dakeyras
2014-11-14, 11:34
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your Malware issues; this may, or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

I have read all of your prior posts, and from this time forward, anything I advise you to download please save to the desktop rather than this location you have been using:-

computer repair

In the Documents folder. The reason being that it is prudent to run specific tools from the desktop, and when the time comes that I give the all clear I employ a methodology to remove everything used during the course of a malware removal process; if they are not on the desktop they will have to be manually removed etc.

Now with regard to this you mentioned:


Farbar is being blocked by Norton Internet Security
This is merely the security software being somewhat over-zealous, what is known as a false positive detection. So disable the aforementioned for the time being; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Then after completion of the below re-enable etc.

Next:

For some reason your machine appears to have a Vista master boot record rather than a Windows 7 one. Possibly you updated the Operating System and/or the manufacturer shipped it with such; however, to err on the side of caution I would like to check this out.

There is a copy of the mbr located here:-

C:\Users\Bruce\Documents\computer repair\MBR.dat

Send this to a Zip file; if not sure how to do so, instructions can be viewed here (http://windows.microsoft.com/en-gb/windows/compress-uncompress-files-zip-files#1TC=windows-7). Then attach the aforementioned Zip file in your next reply please.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your Desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST.
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location the FRST tool is run from >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now? Any further symptoms and/or problems encountered?
MBR Zip File.
Both FRST logs. <-- Post them individually please, i.e. one log per post/reply.
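
The MBR check requested in the post above, as an added example that is not part of the original thread and not aswMBR's own code: a Python script that parses a 512-byte MBR dump such as the MBR.dat aswMBR saved, validates the 0x55AA boot signature, decodes the four partition-table entries and checks the layout (exactly one active partition, no overlaps, nothing past the end of the disk). The sample MBR is constructed from the partition table aswMBR printed for Disk 0 in the first post (types 0x27/0x07/0x17, offsets 2048/3074048/606169088, disk size 305245 MB); its bootstrap code is all zeros and the disk signature 0x0BADC0DE is a placeholder, so the sample's boot-code hash is not a reference for a real disk. All function names are this example's own.

```python
"""Parse and sanity-check a 512-byte MBR dump (e.g. the MBR.dat saved by aswMBR).

Added example, not part of the original thread. SAMPLE_LAYOUT is taken from
the aswMBR output for Disk 0; the sample's bootstrap code is zeros, so its
hash is NOT a known-good reference for any real disk.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap code precedes the 4-byte disk signature at 440
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # bytes 510-511

# Partition type IDs that appear in the aswMBR log above
PART_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

# (bootable, type, start LBA, size in MB) as reported by aswMBR for Disk 0
SAMPLE_LAYOUT = [(True, 0x27, 2048, 1500),
                 (False, 0x07, 3074048, 294480),
                 (False, 0x17, 606169088, 9264)]
SAMPLE_DISK_MB = 305245


def mb_to_sectors(mb: int) -> int:
    return mb * 1024 * 1024 // SECTOR


def build_mbr(layout, disk_signature=0x0BADC0DE) -> bytes:
    """Assemble a 512-byte MBR from (bootable, type, start_lba, size_mb) tuples."""
    table = b""
    for bootable, ptype, start, size_mb in layout:
        # CHS fields are left zero; modern loaders use the LBA fields only.
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0\0\0",
                             ptype, b"\0\0\0", start, mb_to_sectors(size_mb))
    table = table.ljust(64, b"\0")
    return (b"\0" * BOOT_CODE_LEN + struct.pack("<I", disk_signature)
            + b"\0\0" + table + SIGNATURE)


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, disk ID, bootstrap-code hash and the partition table."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        flag, _, ptype, _, start, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:
            continue                      # empty slot
        parts.append({"index": i + 1, "bootable": flag == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
                      "start": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
            "partitions": parts}


def check_layout(parsed: dict, disk_mb: int) -> list:
    """Return a list of problems: bad boot flags, overlaps, entries past disk end."""
    problems = []
    parts = sorted(parsed["partitions"], key=lambda p: p["start"])
    if sum(p["bootable"] for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    end_of_disk = mb_to_sectors(disk_mb)
    prev_end = 1                          # sector 0 is the MBR itself
    for p in parts:
        if p["start"] < prev_end:
            problems.append(f"partition {p['index']} overlaps the one before it")
        if p["start"] + p["sectors"] > end_of_disk:
            problems.append(f"partition {p['index']} runs past the end of the disk")
        if p["type"] not in PART_TYPES:
            problems.append(f"partition {p['index']} has unexpected type 0x{p['type']:02X}")
        prev_end = p["start"] + p["sectors"]
    return problems


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [disk_size_mb]]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
        disk_mb = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_MB
    else:
        data, disk_mb = build_mbr(SAMPLE_LAYOUT), SAMPLE_DISK_MB
    info = parse_mbr(data)
    print(f"disk signature 0x{info['disk_signature']:08X}, "
          f"boot code sha256 {info['boot_code_sha256'][:16]}...")
    for p in info["partitions"]:
        print(f"  {p['index']} {'*' if p['bootable'] else ' '} 0x{p['type']:02X} "
              f"{p['type_name']:<18} start {p['start']:>10} size {p['size_mb']:>7} MB")
    print("layout problems:", check_layout(info, disk_mb) or "none")
```

Run it against a real dump with `python mbr_check.py MBR.dat 305245`; the boot-code hash it prints is only meaningful when compared with a dump taken from a known-clean install of the same Windows version, and the script does not look at the sectors between the MBR and the first partition or at unpartitioned space at the end of the disk, which is where some bootkits keep their code. That part of the check is what aswMBR's boot-code comparison and "Disk 0 trace" cover.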

Brucezibung
2014-11-14, 15:12
There seems to be no interference from the adware at this time.
When running the FRST.exe I receive an error message that states as follows:

Line 10220 (File "C:\Users\Bruce\Desktop\FRST.exe")
Error: Variable used without being declared
Thank you for your help thus far
BRZ

Dakeyras
2014-11-14, 15:31
Hi. :)


When running the FRST.exe I receive an error message that states as follows:
Is this actually occurring when Norton Internet Security is disabled?

Brucezibung
2014-11-14, 15:34
the MBR zip file is attached
thanks

Brucezibung
2014-11-14, 15:37
One of the FRST zip files is attached.

Brucezibung
2014-11-14, 18:44
Hi. :)


Is this actually occurring when Norton Internet Security is disabled?

Yes, I tried again with Norton smart firewall and antivirus auto-protect disabled and I receive the same error message.

Dakeyras
2014-11-14, 18:59
Hi. :)


Yes, I tried again with Norton smart firewall and antivirus auto-protect disabled and I receive the same error message.
Acknowledged, I'll ask the developer about this. In the meantime carry out the below for me please, as follows...

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).


Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan/Fixes box cut & paste this in:-

netsvcs
baseservices
%systemdrive%\*.exe
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CreateRestorePoint


Now click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.

Dakeyras
2014-11-14, 22:56
Hi. :)

Please ignore my prior post and run a scan again with the Scan with Farbar Recovery Scan Tool per post #2 (http://forums.spybot.info/showthread.php?71434-Laflurla-adware-not-yielding-to-Spybot&p=458916&viewfull=1#post458916). Farbar Recovery Scan Tool should auto update itself when you launch it before the actual scan commences etc.

Brucezibung
2014-11-16, 19:46
I have attached the zip files as requested. I also attached the OTL zip in the event that it might be useful as well.
Thank you for your continued assistance.
BRZ

Dakeyras
2014-11-16, 21:44
Hi. :)


Thank you for your continued assistance.
You're welcome, and no need to attach anything from this point forward; merely post any requested logs please.

I have checked out the MBR and all appears fine, and I am of the mind that if something is not broken do not fix it, so we will leave it as is. Still not a complete FRST log, but we can come back to that shortly.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution (http://support.microsoft.com/kb/2719662)

I advise you to download and run the Disable Windows Sidebar and Gadgets Fix it (http://download.microsoft.com/download/E/2/3/E23783A8-6602-48C9-81A7-3B512F6E938B/MicrosoftFixit50906.msi) utility to rectify this.

Note: Ensure you reboot your machine when prompted before proceeding any further.

Scan with AdwCleaner:

Please download adwcleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) and save to your desktop.


Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Re-scan with Farbar Recovery Scan Tool:

Please delete the current version of FRST64.exe and both the FRST and Addition logs, then empty the Recycle Bin.

Then re-download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your desktop.


Right-click on FRST64.exe and select Run as Administrator to start FRST.
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location the FRST tool is run from >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now? Any further symptoms and/or problems encountered?
AdwCleaner Log.
Both FRST logs. <-- Post them individually please, i.e. one log per post/reply.

Brucezibung
2014-11-17, 21:41
The adware does not seem to be a bother at present.
The zipfiles are attached per your request.
Thank you
BRZ

Brucezibung
2014-11-17, 21:45
Addition zip file is attached here as well.
Apologies for my error.
BRZ

Dakeyras
2014-11-18, 11:07
Hi. :)


The adware does not seem to be a bother at present.
Good, please bear in mind what I asked prior:-


no need to attach anything from this point forward, merely post any requested logs please.
Also could you please post the log created by AdwCleaner before we proceed any further for my review, thank you.

Brucezibung
2014-11-18, 16:51
It finally dawned on me how I should cut and paste the files into a thread. I apologize for any earlier inconvenience.
BRZ

# AdwCleaner v4.101 - Report created 17/11/2014 at 11:33:13
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

File Found : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Found : C:\Users\Bruce\AppData\LocalLow\HPAppData
Folder Found : C:\windows\System32\ljkb
Folder Found : C:\windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4080 octets] - [17/11/2014 11:33:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4140 octets] ##########
# AdwCleaner v4.101 - Report created 17/11/2014 at 11:50:57
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
Service Deleted : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\Bruce\AppData\LocalLow\HPAppData
File Deleted : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4252 octets] - [17/11/2014 11:33:13]
AdwCleaner[S0].txt - [3915 octets] - [17/11/2014 11:50:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3975 octets] ##########
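
A way to triage a report like the one above, as an added example that is not part of the original thread and not AdwCleaner's own code: a Python script that parses the "Found"/"Deleted" lines of an AdwCleaner log and groups them by the persistence mechanism they represent, so the AppInit_DLLs value and the GUID-named service with its .sys driver stand out from DOMStorage residue. SAMPLE_REPORT is a constructed excerpt copied from the AdwCleaner[R0].txt log posted above; the category names, severities and function names are this example's own labels, not AdwCleaner's.

```python
"""Group AdwCleaner findings by persistence mechanism and rank them.

Added example, not part of the original thread. SAMPLE_REPORT is a constructed
excerpt of the AdwCleaner[R0].txt posted above; categories and severities are
this example's own, not AdwCleaner's.
"""
import re
import sys
from collections import Counter

SAMPLE_REPORT = r"""
***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

File Found : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
Folder Found : C:\windows\SysWOW64\SearchProtect
Folder Found : C:\Users\Bruce\AppData\Local\pay-by-ads

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# "[#]" marks an item AdwCleaner needs a reboot to remove; "[x64]" is the hive view.
LINE_RE = re.compile(
    r"^(?:\[#\] )?(Service|File|Folder|Key|Value|Data) (Found|Deleted) : (?:\[x64\] )?(.+)$")


def classify(kind: str, target: str):
    """Map one finding to (category, severity 0-3, reason).

    Severity reflects how much code-execution or interception power the
    persistence point gives; that is what separates adware residue from
    something that deserves a closer look before trusting a one-tool cleanup.
    """
    t = target.lower()
    if "[appinit_dlls]" in t:
        return "AppInit_DLLs injection", 3, "DLL loaded into every process that maps user32.dll"
    if kind == "Service" or t.endswith(".sys"):
        return "service / kernel driver", 3, "runs as SYSTEM or in kernel mode"
    if "browser helper objects" in t or "urlsearchhooks" in t or "\\toolbar [" in t:
        return "IE extension (BHO/toolbar/search hook)", 2, "code inside the browser, sees every page"
    if "searchscopes" in t:
        return "search provider hijack", 2, "redirects address-bar searches"
    if any(k in t for k in ("\\clsid\\", "\\interface\\", "\\typelib\\", "\\ext\\")):
        return "COM registration", 1, "registration for one of the components above"
    if "domstorage" in t:
        return "browser storage residue", 0, "data only, no code"
    if kind in ("File", "Folder"):
        return "files on disk", 1, "payload or leftovers"
    return "other registry", 1, "uncategorised key"


def parse_report(text: str) -> list:
    """Return one dict per Found/Deleted line; headers and footers are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, action, target = m.groups()
        category, severity, why = classify(kind, target)
        findings.append({"kind": kind, "action": action, "target": target,
                         "category": category, "severity": severity, "why": why})
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category and list the most dangerous targets first."""
    by_cat = Counter(f["category"] for f in findings)
    worst = sorted((f for f in findings if f["severity"] >= 2),
                   key=lambda f: -f["severity"])          # stable: keeps log order within a level
    return {"total": len(findings), "by_category": dict(by_cat),
            "needs_attention": [f["target"] for f in worst]}


if __name__ == "__main__":
    # Usage: python adw_triage.py [AdwCleaner[R0].txt]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    result = summarize(parse_report(text))
    print(f"{result['total']} findings")
    for cat, n in sorted(result["by_category"].items()):
        print(f"  {n:>3}  {cat}")
    print("needs attention (severity >= 2):")
    for target in result["needs_attention"]:
        print("   ", target)
```

Run it as `python adw_triage.py C:\AdwCleaner\AdwCleaner[R0].txt` to process a real log. The ranking encodes the practitioner's concern with this particular report: an AppInit_DLLs value gets the named DLL loaded into every process that maps user32.dll, and a service backed by a .sys file runs in the kernel, so either one outranks a toolbar CLSID or a DOMStorage key when deciding whether the first tool's cleanup can be taken at face value or whether, as in this thread, a second pass with FRST and a rootkit-aware scan is still warranted.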

Dakeyras
2014-11-19, 11:06
Hi. :)


I apologize for any earlier inconvenience
Not a problem, let's proceed as follows, shall we...

Uninstall Software:

Please click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Laflurla

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.



Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
Your machine should now automatically reboot itself.
Post the contents of the newly created Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Scan with JRT:

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Alternate download is here (http://thisisudax.org/downloads/JRT.exe).

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Next:

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now? Any further symptoms and/or problems encountered?
Fixlog Log from the Custom FRST Script.
Junkware Removal Tool Log.

Brucezibung
2014-11-20, 16:40
The computer seems to be working without interruption, that is, no unwanted irritating adware popups.
BRZ

Brucezibung
2014-11-20, 16:41
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Bruce at 2014-11-19 11:06:58 Run:1
Running from C:\Users\Bruce\Desktop
Loaded Profile: Bruce (Available profiles: Bruce)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1647694867-1531263975-1063293069-1003 -> {26903760-B66C-4875-B5A1-009D551EA1D3} URL =
BHO: TidyNetwork -> {1BFB42B7-2543-32F2-F140-93B319521810} -> C:\Program Files (x86)\TidyNetwork\petn64.dll No File
C:\Program Files (x86)\TidyNetwork
2014-11-12 13:42 - 2014-10-06 12:04 - 00043798 _____ () C:\windows\SysWOW64\bddel.dat
Task: {47168BB5-8A01-468C-9298-B5E97CBA8B81} - System32\Tasks\TidyNetwork Update => C:\Users\Deborah\AppData\Local\TidyNetwork\petnupdate.exe
C:\Users\Deborah\AppData\Local\TidyNetwork
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
emptytemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-1647694867-1531263975-1063293069-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key deleted successfully.
"HKCR\CLSID\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"HKCR\CLSID\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.
C:\windows\SysWOW64\bddel.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"C:\Users\Deborah\AppData\Local\TidyNetwork" => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

EmptyTemp: => Removed 272.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Brucezibung
2014-11-20, 16:42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Bruce on Wed 11/19/2014 at 11:20:09.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/19/2014 at 13:44:12.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
thanks for your continued assistance
BRZ

Dakeyras
2014-11-20, 21:26
Hi. :)


The computer seems to be working without interruption, that is, no unwanted irritating adware popups.
Good.


thanks for your continued assistance
You're welcome! A few more scans to complete as follows...

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware (http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe) to your desktop.


Right-click on mbam-setup-2.0.3.1025.exe and select Run as Administrator, then follow the prompts to install the program.
Select the language and click OK >> Accept the agreement.
Deselect the check-mark next to Enable the Free Trial, as otherwise this will cause a security conflict with the presently installed security software, then ensure Launch Malwarebytes' Anti-Malware is selected and click on Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Scan Now".
The scan may take some time to finish, so please be patient.
When the scan is complete, click on Quarantine All
When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
Double click on the last scan done, then on Copy to Clipboard.
To submit your reply, click on Add Reply, then right click on the window and select Paste.
Submit your reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner (http://pandacloudcleaner.pandasecurity.com/facebook/) and save to your desktop.

Alternate downloads are here (http://acs.pandasoftware.com/pandacloudcleaner/installers/activescan/PandaCloudCleaner.exe) and here (http://www.majorgeeks.com/files/details/panda_cloud_cleaner.html).


Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
Please be patient as the scan may take some time to complete depending on your system's specifications.
Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
Now within the GUI click on the > tab (or any of them if multiple) >> then on View Report >> a Notepad file should now open called PCloudCleaner.txt
Save this to your desktop and post the contents in your next reply.
Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

Brucezibung
2014-11-21, 17:21
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 11/20/2014 8:38:39 PM, SYSTEM, DEBORAH-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.18.1,
Update, 11/20/2014 8:38:44 PM, SYSTEM, DEBORAH-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.20.9,
Scan, 11/20/2014 10:23:26 PM, SYSTEM, DEBORAH-PC, Manual, Start:11/20/2014 8:38:57 PM, Duration:25 min 29 sec, Threat Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections,

(end)

Brucezibung
2014-11-21, 17:54
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Thanks
BRZ

Dakeyras
2014-11-22, 16:04
Hi. :)

All appears fine and the detection from Panda is what is known as a false positive and no further action is required.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Slow Computer/browser? (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/)

Also, so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Clean up with OTL:


Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-


Right click on Computer and select Properties >> System protection >> Create....
Give this restore point a descriptive name and click Create.
When the new restore point is created click on OK >> close the System Properties window.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-


Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
Select the system drive, C >> OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Click on Clean up system files >> Select the system drive, C >> OK.
Now click on the More Options tab.
Under:-
System Restore and Shadow Copies
Click on Clean up... >> Delete >> OK >> Delete Files.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Norton Internet Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/en-gb/security/default.aspx)

As is this: Computer Security - a short guide to staying safer online (http://malwareremoval.com/forum/viewtopic.php?f=4&t=54766)

And these are worth reading also: Understanding Windows Firewall settings (http://windows.microsoft.com/en-gb/windows7/understanding-windows-firewall-settings) & Securing Your Router (http://www.staysafeonline.org/stay-safe-online/keep-a-clean-machine/securing-your-home-network)

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:


Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed, reboot (restart) your computer if not prompted to do so.

Plus check Automatic Updates (http://windows.microsoft.com/en-US/windows/help/windows-update) is enabled.

Check your third party software is up to date:

Via the FileHippo App Manager (http://www.filehippo.com/updatechecker/)...

As certain software, such as Adobe related for example, when out of date can be used as a conduit for malware to gain a foothold.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

3 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

4 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo (http://filehippo.com/) or MajorGeeks (http://www.majorgeeks.com/)

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A custom Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent)

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

Any questions? Feel free to ask, if not stay safe!
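The Hosts file mechanism described in the post above (name lookups answered locally before DNS, with unwanted sites pointed at 127.0.0.1 or 0.0.0.0) can be inspected with a small parser. This is an added example, not code from the thread or from any of the tools it mentions; the hosts content below is constructed for illustration, and the hostnames and the 203.0.113.5 address are sample values. It separates entries that sinkhole a site from entries that redirect a site to some other address (the pattern a defender wants to notice, since a Hosts file can also be abused to send update or banking traffic elsewhere) and reports hostnames listed more than once, which is what happens when two of the blocking lists above are merged instead of using only one.

```python
"""Parse a Windows-style hosts file and summarize what it blocks or redirects.

Added example; the SAMPLE_HOSTS text is constructed, not taken from a real
machine. Comments, blank lines and malformed lines are ignored, as Windows does.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Addresses that effectively block a name rather than send it somewhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the layout of %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Constructed sample for illustration only.
127.0.0.1       localhost
::1             localhost
# entries in the style of a blocking hosts list
0.0.0.0         ads.example.net
0.0.0.0         tracker.example.org   # trailing comment is ignored
127.0.0.1       spyware.example.com
# a redirect a defender would want to notice (sample address)
203.0.113.5     update.example-antivirus.test
this is not a valid hosts line and is skipped
# same host listed twice, as happens when two lists are merged
0.0.0.0         ads.example.net
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname on each valid line."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # an address with no names
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)           # must start with a real IP
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(entries: List[Tuple[str, str]]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split entries into sinkholed names and (name, ip) redirects elsewhere."""
    blocked: List[str] = []
    redirected: List[Tuple[str, str]] = []
    for ip, name in entries:
        if name == "localhost":
            continue                           # the normal loopback lines
        if ip in SINKHOLE_ADDRESSES:
            if name not in blocked:
                blocked.append(name)
        else:
            redirected.append((name, ip))
    return blocked, redirected


def duplicates(entries: List[Tuple[str, str]]) -> List[str]:
    """Hostnames (other than localhost) that appear more than once."""
    counts: Counter = Counter(name for _, name in entries if name != "localhost")
    return sorted(name for name, n in counts.items() if n > 1)


def summarize(text: str) -> Dict[str, object]:
    """Convenience wrapper returning all three views of one hosts file."""
    entries = parse_hosts(text)
    blocked, redirected = classify(entries)
    return {
        "entries": len(entries),
        "blocked": blocked,
        "redirected": redirected,
        "duplicates": duplicates(entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

To check a real machine, read the file at %SystemRoot%\System32\drivers\etc\hosts and pass its text to summarize(); anything in the "redirected" list deserves a second look, because a blocking list only ever uses the sinkhole addresses.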

Brucezibung
2014-11-23, 16:56
Thanks very much for your continued assistance and your sage advice. Now that my grown children have their own computers this one will be less likely to be re-infected. I will follow your suggestions to maintain the health of this and future machines.
Sincerely,
BRZ

Dakeyras
2014-11-24, 10:49
Acknowledged and you're most welcome! :)

Dakeyras
2014-11-25, 13:10
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of both aswMBR and FRST logs plus a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.