Trojan threats



sunshine&flowerpots
2015-01-27, 23:47
Hi,

Hope you can help. I reconnected my computer last night after I moved house. Started with some updates, but I stupidly didn't read a notification that came up properly which resembled Adobe Flash Player - it was a fast player which I clicked to update. It unleashed a whole host of sites, including smilies, toolbars and other stuff which I couldn't uninstall.

I ran Malwarebytes which detected trojan.proxy virus and 49 other threats. These I quarantined at the time.

I am still having endless pages opening, and can't access IE, so am using Chrome. I did have problems with my proxy settings, so changed from proxy server to automatic, which has enabled me to access the internet.

I have posted below FRST logs & aswMBR logs - I must have opened this program twice as I had two logs, so I have posted both of them.

Many thanks

D

FRST Log:-

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by WIN7 (administrator) on ASPIRE-T180 on 27-01-2015 20:09:58
Running from C:\Users\WIN7\Downloads
Loaded Profiles: WIN7 & UpdatusUser (Available profiles: WIN7 & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com (http://www.google.com)
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com (http://www.google.com)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com (http://www.google.com)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com (http://www.google.com)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyEzy0EtDtD0EyCtDyEtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCyB0CyB0BzyyCyDtG0DtAyDyDtGyB0DtCtDtG0CyC0DtBtGyE0BzytC0CyDtC0AyDtD0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0DtD0E0D0F0CtGzy0D0CzztGyE0E0D0EtG0BtA0D0EtGtAyC0E0A0F0BtByCtA0AtDyE2Q&cr=457723129&ir=
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
BHO: BrowSeAPPEd3.2 -> {11111111-1111-1111-1111-110611991117} -> C:\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bho.dll (APPbrServ1)
BHO: TakeTheCaooupOun -> {1221542d-532c-491e-aa52-5aaa098ef24a} -> C:\Program Files\TakeTheCaooupOun\KbbnZlp29gXDQE.dll ()
BHO: AAlelSavER -> {a4e81b7b-142b-4a4b-8ab9-8d9d72598662} -> C:\Program Files\AAlelSavER\y6G7O1nukPeBsx.dll ()
BHO: TakkeTheCoouPOn -> {b4d6cc6c-476b-4251-bb11-0df522cb165c} -> C:\Program Files\TakkeTheCoouPOn\ih3NnzB7W4n48x.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: [NameServer] 88.82.13.12 88.82.13.12

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Firefox\Extensions: [{DFD535C4-A3C6-4C5B-CE9D-F596AE1F6388}] - C:\Program Files\ver7SpeedChecker\186.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (SiteLauncher) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo [2015-01-26]
CHR Extension: (Social Face) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2015-01-02]
CHR Extension: (eyeCare Protect your vision and health) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\eeeningnfkaonkonalpcicgemnnijjhn [2015-01-27]
CHR Extension: (Financial Times News Feed) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (unisAles) - C:\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk\ [2014-04-22]
CHR Extension: (FunDEals) - C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb\ [2014-04-22]
CHR Extension: (uneisales) - C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng\ [2014-04-22]
StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl045ebd02; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{274AF92E-51ED-4E66-9B5D-D27C6307E17F}\MpKsl045ebd02.sys [39464 2015-01-27] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [39056 2014-11-26] (NetFilterSDK.com)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-26] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2011-11-23] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-08-28] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 cpuz134; \??\C:\Users\WIN7\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U3 aswMBR; \??\C:\Users\WIN7\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\WIN7\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:11 - 2015-01-27 20:13 - 05198336 _____ (AVAST Software) C:\Users\WIN7\Downloads\aswMBR.exe
2015-01-27 20:10 - 2015-01-27 20:27 - 00029963 _____ () C:\Users\WIN7\Downloads\FRST.txt
2015-01-27 20:01 - 2015-01-27 20:12 - 00000000 ____D () C:\FRST
2015-01-27 19:41 - 2015-01-27 19:44 - 01120768 _____ (Farbar) C:\Users\WIN7\Downloads\FRST.exe
2015-01-27 17:10 - 2015-01-27 17:11 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 17:10 - 2015-01-27 17:10 - 00000354 _____ () C:\Windows\PFRO.log
2015-01-27 17:10 - 2015-01-27 17:10 - 00000056 _____ () C:\Windows\setupact.log
2015-01-27 17:10 - 2015-01-27 17:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 15:33 - 2015-01-27 15:33 - 00001066 _____ () C:\Users\WIN7\Desktop\Malware 27.01.15.txt
2015-01-27 08:48 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\TakkeTheCoouPOn
2015-01-27 08:46 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\eyeCare Protect your vision and health
2015-01-27 08:16 - 2015-01-27 08:16 - 00000000 ____D () C:\ProgramData\9eac294d0000003c
2015-01-27 08:12 - 2015-01-27 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance
2015-01-27 08:11 - 2015-01-27 15:47 - 00000000 ____D () C:\Program Files\Common Files\Umbrella
2015-01-27 08:11 - 2015-01-27 15:47 - 00000000 ____D () C:\Program Files\Common Files\IMGUpdater
2015-01-27 08:11 - 2015-01-27 08:12 - 00000000 ____D () C:\Program Files\WIntEnhance
2015-01-26 20:44 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\d0a61882-a96f-4804-8a79-77a46cd7e818
2015-01-26 20:43 - 2015-01-27 20:17 - 00001332 _____ () C:\Windows\Tasks\AOLOB.job
2015-01-26 20:25 - 2015-01-26 20:46 - 00001678 _____ () C:\Windows\system32\${LOGFILE}
2015-01-26 20:06 - 2015-01-27 15:37 - 00000000 ____D () C:\Users\WIN7\AppData\Local\7776
2015-01-26 19:18 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\Isavier
2015-01-26 19:17 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\Financial Times News Feed
2015-01-26 19:12 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\TaKeeThECoupon
2015-01-26 18:53 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\SiteLauncher
2015-01-26 18:52 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\FunDEals
2015-01-26 18:51 - 2015-01-26 18:51 - 00000000 ____D () C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb
2015-01-26 18:46 - 2015-01-27 15:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\WTools
2015-01-26 18:46 - 2015-01-27 15:38 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Store
2015-01-26 18:44 - 2015-01-27 18:44 - 00001330 _____ () C:\Windows\Tasks\OHQG.job
2015-01-26 18:44 - 2015-01-27 15:39 - 00000000 ____D () C:\Users\WIN7\AppData\Local\com
2015-01-26 18:44 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\00b3b84a-011a-4a22-930e-ddc795d2116f
2015-01-26 18:36 - 2015-01-26 18:36 - 00000000 ____D () C:\Users\WIN7\Documents\Optimizer Pro
2015-01-26 18:34 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\d1ddb58e-af6e-4f66-91bc-712ce766e9ac
2015-01-26 18:33 - 2015-01-27 18:34 - 00001334 _____ () C:\Windows\Tasks\CKVNHH.job
2015-01-26 18:32 - 2015-01-27 15:38 - 00000000 ____D () C:\Program Files\globalUpdate
2015-01-26 18:32 - 2015-01-26 18:32 - 02010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
2015-01-26 18:32 - 2015-01-26 18:32 - 00000000 ____D () C:\Users\WIN7\AppData\Local\globalUpdate
2015-01-26 18:31 - 2015-01-27 15:47 - 00000000 ____D () C:\ProgramData\eTKrBkl
2015-01-26 18:30 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\BrowSeAPPEd3.2
2015-01-26 18:29 - 2015-01-27 10:25 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-26 18:25 - 2015-01-27 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\TakeTheCaooupOun
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\AAlelSavER
2015-01-26 10:36 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-26 10:36 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-26 10:36 - 2014-12-11 17:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-26 10:35 - 2014-12-19 02:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-26 10:35 - 2014-12-19 01:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-26 10:35 - 2014-12-06 03:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 16:12 - 2015-01-25 16:12 - 00001248 _____ () C:\Users\WIN7\AppData\Roaming\OHQG
2015-01-25 16:12 - 2015-01-25 16:12 - 00001248 _____ () C:\Users\WIN7\AppData\Roaming\CKVNHH
2015-01-25 16:12 - 2015-01-25 16:12 - 00001248 _____ () C:\Users\WIN7\AppData\Roaming\AOLOB
2015-01-09 08:29 - 2015-01-27 08:21 - 00000000 ____D () C:\ProgramData\5a3b8b08df8d3f96
2015-01-08 22:30 - 2015-01-08 22:30 - 00109280 ____N () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 21:18 - 2015-01-02 21:18 - 00000000 ____D () C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unnisialles
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unisAles
2015-01-02 21:11 - 2015-01-27 08:50 - 00000000 ____D () C:\ProgramData\6501943357266018198
2015-01-02 21:11 - 2015-01-02 21:11 - 00000000 ____D () C:\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:17 - 2011-11-16 17:59 - 01958191 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 20:11 - 2011-11-22 21:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 19:45 - 2014-08-28 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 19:44 - 2009-07-14 04:34 - 00032208 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 19:44 - 2009-07-14 04:34 - 00032208 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 19:40 - 2012-04-19 07:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 17:36 - 2014-09-15 15:43 - 00000000 ____D () C:\Users\WIN7\AppData\Local\CrashDumps
2015-01-27 17:11 - 2011-11-22 21:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 17:10 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 16:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-27 15:47 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Cursors
2015-01-27 15:37 - 2013-01-30 16:48 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2015-01-27 12:11 - 2014-08-28 21:21 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 12:11 - 2014-08-28 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 12:11 - 2014-08-28 21:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-27 03:10 - 2013-08-09 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-27 03:01 - 2011-11-16 18:18 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-26 22:30 - 2013-08-28 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-26 19:43 - 2014-12-16 18:05 - 00000002 _____ () C:\end
2015-01-26 18:36 - 2013-12-05 13:58 - 00001042 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 18:29 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2015-01-26 18:26 - 2012-01-21 21:45 - 00001589 _____ () C:\Users\WIN7\Desktop\Internet Explorer.lnk
2015-01-26 18:26 - 2011-11-19 17:51 - 00001619 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-26 10:36 - 2012-04-19 07:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 10:36 - 2011-11-20 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-31 11:13 - 2011-11-16 18:15 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2094-06-24 01:00 - 2012-05-19 16:36 - 0179811 _____ () C:\Program Files\MPEG Streamclip Guide.pdf
2008-08-10 11:57 - 2012-05-19 16:36 - 0094916 _____ () C:\Program Files\MPEG Streamclip Guide.rtf
2008-08-10 12:09 - 2012-05-19 16:36 - 1083904 _____ (Squared 5) C:\Program Files\MPEG_Streamclip.exe
2012-05-19 16:32 - 2012-05-19 16:32 - 0554844 _____ () C:\Program Files\MPEG_Streamclip_1.2.zip
2008-08-10 12:32 - 2012-05-19 16:36 - 0003457 _____ () C:\Program Files\Readme First.rtf
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\AOLOB
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\CKVNHH
2015-01-26 18:32 - 2015-01-26 18:32 - 2010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
2013-04-18 12:15 - 2013-04-18 12:15 - 0038408 _____ () C:\Users\WIN7\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\OHQG
2014-12-16 19:03 - 2014-12-16 19:03 - 0000042 _____ () C:\Users\WIN7\AppData\Roaming\WB.CFG
2012-05-17 16:21 - 2012-05-17 16:21 - 0004096 _____ () C:\Users\WIN7\AppData\Local\keyfile3.drm
2014-09-18 10:00 - 2014-11-21 18:15 - 0007609 _____ () C:\Users\WIN7\AppData\Local\Resmon.ResmonCfg
2014-08-31 19:21 - 2014-08-31 19:21 - 0000000 _____ () C:\Users\WIN7\AppData\Local\{65EECCE8-FF8E-450F-B957-2A204F3E265F}
2012-09-26 15:32 - 2012-09-26 15:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-12 13:26 - 2014-06-12 13:26 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.dll
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.exe
C:\Users\WIN7\AppData\Local\temp\CFE3053F-1FC8-20B7-FDAC-CC6A18D09284.exe
C:\Users\WIN7\AppData\Local\temp\optprosetup.exe
C:\Users\WIN7\AppData\Local\temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:32

==================== End Of Log ============================
aswMBR log 1 :-

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-27 20:19:06
-----------------------------
20:19:06.207 OS Version: Windows 6.1.7601 Service Pack 1
20:19:06.208 Number of processors: 2 586 0x4B02
20:19:06.367 ComputerName: ASPIRE-T180 UserName: WIN7
20:21:48.504 Initialze error C000010E - driver not loaded
20:34:04.381 The log file has been saved successfully to "C:\Users\WIN7\Downloads\aswMBR.txt"


aswMBR log 2 :-

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-27 20:17:36
-----------------------------
20:17:36.856 OS Version: Windows 6.1.7601 Service Pack 1
20:17:36.857 Number of processors: 2 586 0x4B02
20:17:37.359 ComputerName: ASPIRE-T180 UserName: WIN7
20:21:49.256 Initialize success
20:22:09.529 VM: initialized successfully
20:22:09.531 VM: Amd CPU virtualization not supported
20:22:10.540 write error "ashBase.dll". The process cannot access the file because it is being used by another process.
20:46:36.798 The log file has been saved successfully to "C:\Users\WIN7\Downloads\aswMBR 2.txt"


aswMBR log 3 :-



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-27 20:19:06
-----------------------------
20:19:06.207 OS Version: Windows 6.1.7601 Service Pack 1
20:19:06.208 Number of processors: 2 586 0x4B02
20:19:06.367 ComputerName: ASPIRE-T180 UserName: WIN7
20:21:48.504 Initialze error C000010E - driver not loaded
20:34:04.381 The log file has been saved successfully to "C:\Users\WIN7\Downloads\aswMBR.txt"
20:54:55.603 AVAST engine defs: 15012701
21:24:47.682 The log file has been saved successfully to "C:\Users\WIN7\Downloads\aswMBR 3.txt"

Juliet
2015-01-28, 12:42
Lot of work to do here....

Please go to Add/Remove programs list and remove these items below. If there is a problem let me know and we'll try something else.
BrowSeAPPEd3.2
Java 7 Update 67

~~~
Google Chrome has been attacked so for right now we will have to save bookmarks and completely remove Google Chrome then reinstall.

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs, double click on Google Chrome.
When prompted if you want to uninstall, click Yes.
Be sure the Moderate option is selected, then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes, then Next.
Once done, click Finish.


You can redownload it from here: http://www.google.com/chrome/

~~~~~~~~~~~~~~~~~
Running from C:\Users\WIN7\Downloads

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyEzy0EtDtD0EyCtDyEtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCyB0CyB0BzyyCyDtG0DtAyDyDtGyB0DtCtDtG0CyC0DtBtGyE0BzytC0CyDtC0AyDtD0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0DtD0E0D0F0CtGzy0D0CzztGyE0E0D0EtG0BtA0D0EtGtAyC0E0A0F0BtByCtA0AtDyE2Q&cr=457723129&ir=
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
BHO: BrowSeAPPEd3.2 -> {11111111-1111-1111-1111-110611991117} -> C:\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bho.dll (APPbrServ1)
BHO: TakeTheCaooupOun -> {1221542d-532c-491e-aa52-5aaa098ef24a} -> C:\Program Files\TakeTheCaooupOun\KbbnZlp29gXDQE.dll ()
BHO: AAlelSavER -> {a4e81b7b-142b-4a4b-8ab9-8d9d72598662} -> C:\Program Files\AAlelSavER\y6G7O1nukPeBsx.dll ()
BHO: TakkeTheCoouPOn -> {b4d6cc6c-476b-4251-bb11-0df522cb165c} -> C:\Program Files\TakkeTheCoouPOn\ih3NnzB7W4n48x.dll ()
Toolbar: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
2015-01-26 18:44 - 2015-01-27 18:44 - 00001330 _____ () C:\Windows\Tasks\OHQG.job
2015-01-26 18:36 - 2015-01-26 18:36 - 00000000 ____D () C:\Users\WIN7\Documents\Optimizer Pro
2015-01-26 18:34 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\d1ddb58e-af6e-4f66-91bc-712ce766e9ac
2015-01-26 18:33 - 2015-01-27 18:34 - 00001334 _____ () C:\Windows\Tasks\CKVNHH.job
2015-01-26 18:32 - 2015-01-26 18:32 - 02010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
2015-01-26 18:30 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\BrowSeAPPEd3.2
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\TakeTheCaooupOun
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\AAlelSavER
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unnisialles
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unisAles
2015-01-02 21:11 - 2015-01-02 21:11 - 00000000 ____D () C:\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk
2015-01-02 21:11 - 2015-01-27 08:50 - 00000000 ____D () C:\ProgramData\6501943357266018198
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\AOLOB
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\CKVNHH
2015-01-26 18:32 - 2015-01-26 18:32 - 2010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.dll
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.exe
C:\Users\WIN7\AppData\Local\temp\CFE3053F-1FC8-20B7-FDAC-CC6A18D09284.exe
C:\Users\WIN7\AppData\Local\temp\optprosetup.exe
C:\Users\WIN7\AppData\Local\temp\SpOrder.dll
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1002_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\WIN7\AppData\Local\Temp\6a8185802\temp\44EE.exe No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{084125AF-C499-4744-9507-8AD20DDE4448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\PXSTUD~1.OCX No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{26CF0ECA-50B9-411D-BA37-86BD6AD53382}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\PXSTUD~1.OCX No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\WIN7\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe" No File
Task: {36A36F13-1F8E-4740-B05A-395997DFF3AE} - System32\Tasks\OHQG => C:\Users\WIN7\AppData\Roaming\OHQG.exe <==== ATTENTION
Task: {47CA7F6C-2742-451B-A737-F54A07CDEFE8} - \upfs7235 No Task File <==== ATTENTION
Task: {6B7600BF-C4E1-49BC-BCD7-73C661D8E264} - System32\Tasks\AOLOB => C:\Users\WIN7\AppData\Roaming\AOLOB.exe <==== ATTENTION
Task: {77AB94F5-D6E9-40FC-BBA7-E89B5A88CE3E} - \Selection Tools Update No Task File <==== ATTENTION
Task: {B499FA54-C117-4211-9165-81B407734EE1} - \DonutQuotes No Task File <==== ATTENTION
Task: {B8E82CFB-8843-42E1-BF5F-D25142143320} - \WindApp Update No Task File <==== ATTENTION
Task: {DEAD68CC-2DAB-4FE2-8744-688B7DD749C2} - System32\Tasks\CKVNHH => C:\Users\WIN7\AppData\Roaming\CKVNHH.exe [2015-01-26] (APPbrServ1) <==== ATTENTION
Task: C:\Windows\Tasks\AOLOB.job => C:\Users\WIN7\AppData\Roaming\AOLOB.exe <==== ATTENTION
Task: C:\Windows\Tasks\CKVNHH.job => C:\Users\WIN7\AppData\Roaming\CKVNHH.exe <==== ATTENTION
Task: C:\Windows\Tasks\OHQG.job => C:\Users\WIN7\AppData\Roaming\OHQG.exe <==== ATTENTION
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

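A triage script for FRST log lines, added here as an example and not part of the thread, of FRST or of Farbar's tooling: it reads the line formats shown in the log and fixlist above and flags the same indicator families the fixlist targets (the localhost proxy, the IE policy lockdown, hijacked search scopes, unknown BHOs, tasks launching from AppData, GUID-named Program Files folders). The allow-lists and heuristics are this example's own assumptions, and the sample lines are constructed from the formats above.

```python
# Added example for this thread; not part of FRST, the fixlist, or any post.
# Heuristics and allow-lists below are assumptions, not FRST rules.
import re
from urllib.parse import urlsplit

# Constructed sample in the FRST formats seen in the thread. The Bing search
# scope and the Google Update task are added as benign controls.
SAMPLE_LOG = r"""
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
BHO: BrowSeAPPEd3.2 -> {11111111-1111-1111-1111-110611991117} -> C:\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bho.dll (APPbrServ1)
BHO: AAlelSavER -> {a4e81b7b-142b-4a4b-8ab9-8d9d72598662} -> C:\Program Files\AAlelSavER\y6G7O1nukPeBsx.dll ()
Task: {36A36F13-1F8E-4740-B05A-395997DFF3AE} - System32\Tasks\OHQG => C:\Users\WIN7\AppData\Roaming\OHQG.exe <==== ATTENTION
Task: {47CA7F6C-2742-451B-A737-F54A07CDEFE8} - \upfs7235 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
2015-01-26 18:32 - 2015-01-26 18:32 - 02010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
2015-01-26 18:44 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\00b3b84a-011a-4a22-930e-ddc795d2116f
2015-01-26 18:51 - 2015-01-26 18:51 - 00000000 ____D () C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb
2015-01-27 19:45 - 2014-08-28 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
"""

LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}
KNOWN_SEARCH = {"www.google.com", "www.bing.com", "search.yahoo.com"}  # assumption
KNOWN_PUBLISHERS = {"Microsoft Corporation", "Google Inc.",
                    "Adobe Systems Incorporated"}                     # assumption
EXEC_EXT = (".exe", ".dll", ".scr")

# "created - modified - size attrs (company) path" as in the file sections
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) -> \{[^}]+\} -> (?P<path>.+) \((?P<company>[^)]*)\)$")
SCOPE_RE = re.compile(r"^SearchScopes: .* URL =\s*(?P<url>\S*)$")
TASK_RE = re.compile(r"^Task: (?P<ident>.+?) => (?P<target>.+?)"
                     r"(?: \[\d{4}-\d{2}-\d{2}\])?(?: \([^)]*\))?$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
EXT_ID_RE = re.compile(r"^[a-p]{32}$")          # Chrome extension ids use this alphabet
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?$")


def user_writable(path):
    """True for locations a standard user can write to (persistence from there is suspect)."""
    p = path.lower()
    return any(tag in p for tag in ("\\appdata\\", "\\temp\\", "\\users\\public\\"))


def classify(line):
    """Return (category, detail) for one FRST line, or None if it looks unremarkable."""
    line = re.sub(r"\s*<=+ ATTENTION$", "", line.strip())   # drop FRST's own marker
    if line.startswith("ProxyServer:"):
        value = line.partition("=>")[2].strip()
        # "http=127.0.0.1:8800;https=127.0.0.1:8800" -> host of each proxy entry
        hosts = [p.split("=", 1)[-1].rsplit(":", 1)[0] for p in value.split(";") if p]
        if any(h in LOCAL_HOSTS for h in hosts):
            return ("proxy", "browser traffic forced through a local proxy: " + value)
        return None
    if "Policies\\Microsoft\\Internet Explorer: Policy restriction" in line:
        return ("policy", "IE locked down by policy under " + line.partition(":")[0])
    m = SCOPE_RE.match(line)
    if m:
        host = urlsplit(m["url"]).hostname      # lower-cased; None for an empty URL
        if host and host not in KNOWN_SEARCH:
            return ("searchscope", "search provider redirected to " + host)
        return None
    m = BHO_RE.match(line)
    if m:
        if m["company"] not in KNOWN_PUBLISHERS:
            who = m["company"] or "no publisher"
            return ("bho", f"browser helper object '{m['name']}' ({who}): {m['path']}")
        return None
    if line.startswith("Task:"):
        if line.endswith("No Task File"):
            return ("task", "orphaned scheduled task: " + line[6:])
        m = TASK_RE.match(line)
        if m and user_writable(m["target"]):
            return ("task", "scheduled task launches from a user-writable path: " + m["target"])
        return None
    m = FILE_RE.match(line)
    if m:
        parent, _, name = m["path"].rpartition("\\")
        if "D" in m["attrs"]:                   # directory entry
            if GUID_RE.match(name) and PROGRAM_FILES_RE.match(parent.lower()):
                return ("file", "GUID-named folder in Program Files: " + m["path"])
            if EXT_ID_RE.match(name) and parent.lower().endswith("\\programdata"):
                return ("file", "folder named like a Chrome extension id: " + m["path"])
        elif name.lower().endswith(EXEC_EXT) and user_writable(m["path"]):
            who = m["company"] or "no publisher"
            return ("file", f"executable in a user-writable path ({who}): {m['path']}")
    return None


def triage(log_text):
    """Run classify over every line; returns the list of (category, detail) findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category:11}] {detail}")
```

Running it on a full FRST.txt lists candidate lines for a fixlist in the same order they appear in the log; the benign controls in the sample produce no output.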
sunshine&flowerpots
2015-01-29, 13:29
Hi Juliet,

Things seem to be better: I'm not getting any bogus homepages, or pages opening every time I click on a page I want. I didn't reinstall Chrome at this point as I don't really use it. I prefer Explorer.

Here are my logs:-

fixit:-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by WIN7 at 2015-01-28 21:16:09 Run:1
Running from C:\Users\WIN7\Desktop
Loaded Profiles: WIN7 & UpdatusUser (Available profiles: WIN7 & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\INTERNET EXPLORER: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCyDyEzy0EtDtD0EyCtDyEtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCyB0CyB0BzyyCyDtG0DtAyDyDtGyB0DtCtDtG0CyC0DtBtGyE0BzytC0CyDtC0AyDtD0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0DtD0E0D0F0CtGzy0D0CzztGyE0E0D0EtG0BtA0D0EtGtAyC0E0A0F0BtByCtA0AtDyE2Q&cr=457723129&ir=
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=934CEA99-865E-444C-A3DB-B336F358195E&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=395049983_266162_4CF6E604&ts=1422297156&type=default&q={searchTerms}
BHO: BrowSeAPPEd3.2 -> {11111111-1111-1111-1111-110611991117} -> C:\PROGRAM Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bho.dll (APPbrServ1)
BHO: TakeTheCaooupOun -> {1221542d-532c-491e-aa52-5aaa098ef24a} -> C:\Program Files\TakeTheCaooupOun\KbbnZlp29gXDQE.dll ()
BHO: AAlelSavER -> {a4e81b7b-142b-4a4b-8ab9-8d9d72598662} -> C:\Program Files\AAlelSavER\y6G7O1nukPeBsx.dll ()
BHO: TakkeTheCoouPOn -> {b4d6cc6c-476b-4251-bb11-0df522cb165c} -> C:\Program Files\TakkeTheCoouPOn\ih3NnzB7W4n48x.dll ()
Toolbar: HKU\S-1-5-21-1839434062-3037775892-936306819-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
2015-01-26 18:44 - 2015-01-27 18:44 - 00001330 _____ () C:\Windows\Tasks\OHQG.job
2015-01-26 18:36 - 2015-01-26 18:36 - 00000000 ____D () C:\Users\WIN7\Documents\OPTIMIZER PRO
2015-01-26 18:34 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\d1ddb58e-af6e-4f66-91bc-712ce766e9ac
2015-01-26 18:33 - 2015-01-27 18:34 - 00001334 _____ () C:\Windows\Tasks\CKVNHH.job
2015-01-26 18:32 - 2015-01-26 18:32 - 02010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
2015-01-26 18:30 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\BrowSeAPPEd3.2
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\TakeTheCaooupOun
2015-01-26 10:51 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\AAlelSavER
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unnisialles
2015-01-02 21:11 - 2015-01-27 15:37 - 00000000 ____D () C:\Program Files\unisAles
2015-01-02 21:11 - 2015-01-02 21:11 - 00000000 ____D () C:\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk
2015-01-02 21:11 - 2015-01-27 08:50 - 00000000 ____D () C:\ProgramData\6501943357266018198
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\AOLOB
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\WIN7\AppData\Roaming\CKVNHH
2015-01-26 18:32 - 2015-01-26 18:32 - 2010088 _____ (APPbrServ1) C:\Users\WIN7\AppData\Roaming\CKVNHH.exe
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.dll
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.exe
C:\Users\WIN7\AppData\Local\temp\CFE3053F-1FC8-20B7-FDAC-CC6A18D09284.exe
C:\Users\WIN7\AppData\Local\temp\optprosetup.exe
C:\Users\WIN7\AppData\Local\temp\SpOrder.dll
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1002_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\WIN7\AppData\Local\Temp\6a8185802\temp\44EE.exe No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{084125AF-C499-4744-9507-8AD20DDE4448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\PXSTUD~1.OCX No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{26CF0ECA-50B9-411D-BA37-86BD6AD53382}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\PXSTUD~1.OCX No File
CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\WIN7\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe" No File
Task: {36A36F13-1F8E-4740-B05A-395997DFF3AE} - System32\Tasks\OHQG => C:\Users\WIN7\AppData\Roaming\OHQG.exe <==== ATTENTION
Task: {47CA7F6C-2742-451B-A737-F54A07CDEFE8} - \upfs7235 No Task File <==== ATTENTION
Task: {6B7600BF-C4E1-49BC-BCD7-73C661D8E264} - System32\Tasks\AOLOB => C:\Users\WIN7\AppData\Roaming\AOLOB.exe <==== ATTENTION
Task: {77AB94F5-D6E9-40FC-BBA7-E89B5A88CE3E} - \Selection Tools UPDATE No Task File <==== ATTENTION
Task: {B499FA54-C117-4211-9165-81B407734EE1} - \DonutQuotes No Task File <==== ATTENTION
Task: {B8E82CFB-8843-42E1-BF5F-D25142143320} - \WindApp Update No Task File <==== ATTENTION
Task: {DEAD68CC-2DAB-4FE2-8744-688B7DD749C2} - System32\Tasks\CKVNHH => C:\Users\WIN7\AppData\Roaming\CKVNHH.exe [2015-01-26] (APPbrServ1) <==== ATTENTION
Task: C:\Windows\Tasks\AOLOB.job => C:\Users\WIN7\AppData\Roaming\AOLOB.exe <==== ATTENTION
Task: C:\Windows\Tasks\CKVNHH.job => C:\Users\WIN7\AppData\Roaming\CKVNHH.exe <==== ATTENTION
Task: C:\Windows\Tasks\OHQG.job => C:\Users\WIN7\AppData\Roaming\OHQG.exe <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}" => Key deleted successfully.
HKCR\CLSID\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} => Key not found.
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33D9335B-0A5E-4AA2-8CA5-5A230AE6292E}" => Key deleted successfully.
HKCR\CLSID\{33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key deleted successfully.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}" => Key deleted successfully.
HKCR\CLSID\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A67C8099-78A4-4BF8-869D-42FE0F75BCE9}" => Key deleted successfully.
HKCR\CLSID\{A67C8099-78A4-4BF8-869D-42FE0F75BCE9} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611991117}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611991117}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1221542d-532c-491e-aa52-5aaa098ef24a}" => Key deleted successfully.
"HKCR\CLSID\{1221542d-532c-491e-aa52-5aaa098ef24a}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4e81b7b-142b-4a4b-8ab9-8d9d72598662}" => Key deleted successfully.
"HKCR\CLSID\{a4e81b7b-142b-4a4b-8ab9-8d9d72598662}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4d6cc6c-476b-4251-bb11-0df522cb165c}" => Key deleted successfully.
"HKCR\CLSID\{b4d6cc6c-476b-4251-bb11-0df522cb165c}" => Key deleted successfully.
HKU\S-1-5-21-1839434062-3037775892-936306819-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
C:\Windows\Tasks\OHQG.job => Moved successfully.
C:\Users\WIN7\Documents\OPTIMIZER PRO => Moved successfully.
C:\Program Files\d1ddb58e-af6e-4f66-91bc-712ce766e9ac => Moved successfully.
C:\Windows\Tasks\CKVNHH.job => Moved successfully.
C:\Users\WIN7\AppData\Roaming\CKVNHH.exe => Moved successfully.
C:\Program Files\BrowSeAPPEd3.2 => Moved successfully.
C:\Program Files\TakeTheCaooupOun => Moved successfully.
C:\Program Files\AAlelSavER => Moved successfully.
C:\Program Files\unnisialles => Moved successfully.
C:\Program Files\unisAles => Moved successfully.
C:\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk => Moved successfully.
C:\ProgramData\6501943357266018198 => Moved successfully.
C:\Users\WIN7\AppData\Roaming\AOLOB => Moved successfully.
C:\Users\WIN7\AppData\Roaming\CKVNHH => Moved successfully.
"C:\Users\WIN7\AppData\Roaming\CKVNHH.exe" => File/Directory not found.
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.dll => Moved successfully.
C:\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.exe => Moved successfully.
C:\Users\WIN7\AppData\Local\temp\CFE3053F-1FC8-20B7-FDAC-CC6A18D09284.exe => Moved successfully.
C:\Users\WIN7\AppData\Local\temp\optprosetup.exe => Moved successfully.
C:\Users\WIN7\AppData\Local\temp\SpOrder.dll => Moved successfully.
"HKU\S-1-5-21-1839434062-3037775892-936306819-1002_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{084125AF-C499-4744-9507-8AD20DDE4448} => Key not found.
HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{26CF0ECA-50B9-411D-BA37-86BD6AD53382} => Key not found.
HKU\S-1-5-21-1839434062-3037775892-936306819-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36A36F13-1F8E-4740-B05A-395997DFF3AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A36F13-1F8E-4740-B05A-395997DFF3AE}" => Key deleted successfully.
C:\Windows\System32\Tasks\OHQG => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OHQG" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47CA7F6C-2742-451B-A737-F54A07CDEFE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47CA7F6C-2742-451B-A737-F54A07CDEFE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B7600BF-C4E1-49BC-BCD7-73C661D8E264}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B7600BF-C4E1-49BC-BCD7-73C661D8E264}" => Key deleted successfully.
C:\Windows\System32\Tasks\AOLOB => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AOLOB" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77AB94F5-D6E9-40FC-BBA7-E89B5A88CE3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77AB94F5-D6E9-40FC-BBA7-E89B5A88CE3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools UPDATE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B499FA54-C117-4211-9165-81B407734EE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B499FA54-C117-4211-9165-81B407734EE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8E82CFB-8843-42E1-BF5F-D25142143320}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8E82CFB-8843-42E1-BF5F-D25142143320}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEAD68CC-2DAB-4FE2-8744-688B7DD749C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEAD68CC-2DAB-4FE2-8744-688B7DD749C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\CKVNHH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CKVNHH" => Key deleted successfully.
C:\Windows\Tasks\AOLOB.job => Moved successfully.
C:\Windows\Tasks\CKVNHH.job not found.
C:\Windows\Tasks\OHQG.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 345.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:16:48 ====


Adware:-

# AdwCleaner v4.109 - Report created 29/01/2015 at 09:09:05
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : WIN7 - ASPIRE-T180
# Running from : C:\Users\WIN7\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : netfilter

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\5a3b8b08df8d3f96
Folder Deleted : C:\ProgramData\9eac294d0000003c
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\FunDEals
Folder Deleted : C:\Program Files\Isavier
Folder Deleted : C:\Program Files\TaKeeThECoupon
Folder Deleted : C:\Program Files\TakkeTheCoouPOn
Folder Deleted : C:\Program Files\Common Files\IMGUpdater
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Users\WIN7\AppData\Local\globalUpdate
Folder Deleted : C:\Users\WIN7\AppData\Roaming\Store
Folder Deleted : C:\Users\WIN7\AppData\Roaming\WTools
File Deleted : C:\END
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\system32\drivers\netfilter.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\WIN7\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\P0b4d444b_4bf7_4a16_ae27_171719320e4b_.P0b4d444b_4bf7_4a16_ae27_171719320e4b_
Key Deleted : HKLM\SOFTWARE\Classes\P0b4d444b_4bf7_4a16_ae27_171719320e4b_.P0b4d444b_4bf7_4a16_ae27_171719320e4b_.9
Key Deleted : HKLM\SOFTWARE\Classes\P4627f57f_8f50_4f8a_9c9f_a255dc514eb4_.P4627f57f_8f50_4f8a_9c9f_a255dc514eb4_
Key Deleted : HKLM\SOFTWARE\Classes\P4627f57f_8f50_4f8a_9c9f_a255dc514eb4_.P4627f57f_8f50_4f8a_9c9f_a255dc514eb4_.9
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0b4d444b-4bf7-4a16-ae27-171719320e4b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4627f57f-8f50-4f8a-9c9f-a255dc514eb4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{acfdd110-f6cd-4c60-8b35-53a6372eea96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c6fe922e-cbb3-4fa8-b815-39015322e20b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622992217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655995517}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666996617}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D37BD00-E9FD-40D1-80E7-1795E510ECAA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AEF2BB85-DF75-41E2-8366-FB89A5F869F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644994417}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0b4d444b-4bf7-4a16-ae27-171719320e4b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4627f57f-8f50-4f8a-9c9f-a255dc514eb4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{acfdd110-f6cd-4c60-8b35-53a6372eea96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6fe922e-cbb3-4fa8-b815-39015322e20b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0b4d444b-4bf7-4a16-ae27-171719320e4b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4627f57f-8f50-4f8a-9c9f-a255dc514eb4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{acfdd110-f6cd-4c60-8b35-53a6372eea96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c6fe922e-cbb3-4fa8-b815-39015322e20b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0b4d444b-4bf7-4a16-ae27-171719320e4b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4627f57f-8f50-4f8a-9c9f-a255dc514eb4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{acfdd110-f6cd-4c60-8b35-53a6372eea96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c6fe922e-cbb3-4fa8-b815-39015322e20b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\couponmonkey
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.omiga-plus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omiga-plus.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R0].txt - [10272 octets] - [29/01/2015 08:38:31]
AdwCleaner[S0].txt - [11259 octets] - [29/01/2015 09:09:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11320 octets] ##########


JRT:-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by WIN7 on 29/01/2015 at 9:30:31.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2015 at 9:38:18.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thank you.

Juliet
2015-01-29, 13:34
You had a lot of garbage on there.

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

please post
MBAM log
Eset log

sunshine&flowerpots
2015-01-29, 18:19
Hi Juliet,

MBAM found no threats.

ESET log:-

C:\AdwCleaner\Quarantine\C\Program Files\TakkeTheCoouPOn\ih3NnzB7W4n48x.dll.vir a variant of Win32/Adware.MultiPlug.EG application
C:\FRST\Quarantine\C\Program Files\AAlelSavER\y6G7O1nukPeBsx.dll a variant of Win32/Adware.MultiPlug.EG application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\a2511e23-5f54-456b-879e-61cd76ba2729-2.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\a2511e23-5f54-456b-879e-61cd76ba2729-5.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\a2511e23-5f54-456b-879e-61cd76ba2729-6.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\a2511e23-5f54-456b-879e-61cd76ba2729-7.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bg.exe a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-bho.dll a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\BrowSeAPPEd3.2-codedownloader.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\BrowSeAPPEd3.2\Uninstall.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Program Files\TakeTheCaooupOun\KbbnZlp29gXDQE.dll a variant of Win32/Adware.MultiPlug.EG application
C:\FRST\Quarantine\C\Program Files\unnisialles\jwvtc72Q198OEU.dll a variant of Win32/Adware.MultiPlug.EG application
C:\FRST\Quarantine\C\ProgramData\dmmmihdgelbdgddgjmhefgkbckoidohk\W1If7c024.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\WIN7\AppData\Local\temp\AA864042-BE77-463D-FC52-B5081DC25DEF.exe.xBAD a variant of Win32/Adware.AddLyrics.DM application
C:\FRST\Quarantine\C\Users\WIN7\AppData\Local\temp\CFE3053F-1FC8-20B7-FDAC-CC6A18D09284.exe.xBAD a variant of Win32/Adware.AddLyrics.DM application
C:\FRST\Quarantine\C\Users\WIN7\AppData\Local\temp\optprosetup.exe.xBAD a variant of Win32/OptimizerEliteMax.C potentially unwanted application
C:\FRST\Quarantine\C\Users\WIN7\AppData\Roaming\AOLOB.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\WIN7\AppData\Roaming\CKVNHH.exe.xBAD a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application
C:\FRST\Quarantine\C\Users\WIN7\AppData\Roaming\CKVNHH.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\Program Files\WIntEnhance\uninstall.exe Win32/Wajam.K potentially unwanted application
C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.js JS/Kryptik.ATB trojan
C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js JS/Kryptik.ATB trojan
C:\Users\All Users\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.js JS/Kryptik.ATB trojan
C:\Users\All Users\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js JS/Kryptik.ATB trojan
C:\Users\Public\Temp\5FD541F6496949CE94E4F33DE2E77F6A\setup.exe a variant of Win32/Amonetize.BQ potentially unwanted application
C:\Users\WIN7\AppData\Roaming\OHQG JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application


Thanks.

Juliet
2015-01-29, 20:38
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow)





start
CloseProcesses:
C:\Program Files\WIntEnhance\uninstall.exe
C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.js
C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js
C:\Users\All Users\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.
C:\Users\All Users\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js
C:\Users\Public\Temp\5FD541F6496949CE94E4F33DE2E77F6A\setup.exe
C:\Users\WIN7\AppData\Roaming\OHQG
C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

sunshine&flowerpots
2015-01-30, 23:24
Hi
Here's results from Security Check:-

Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


FRST:-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by WIN7 at 2015-01-30 20:46:06 Run:2
Running from C:\Users\WIN7\Desktop
Loaded Profiles: WIN7 & UpdatusUser (Available profiles: WIN7 & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files\WIntEnhance\uninstall.exe
C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.js
C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js
C:\Users\All Users\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.
C:\Users\All Users\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js
C:\Users\Public\Temp\5FD541F6496949CE94E4F33DE2E77F6A\setup.exe
C:\Users\WIN7\AppData\Roaming\OHQG
C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files\WIntEnhance\uninstall.exe => Moved successfully.
C:\ProgramData\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW.js => Moved successfully.
C:\ProgramData\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js => Moved successfully.
"C:\Users\All Users\hfmfmepnppcmmjndpppjdjeinilnnbhb\Br8yW." => File/Directory not found.
"C:\Users\All Users\jdnegepnngpcjanipgemabjgikkcjpng\EjrBFa.js" => File/Directory not found.
C:\Users\Public\Temp\5FD541F6496949CE94E4F33DE2E77F6A\setup.exe => Moved successfully.
C:\Users\WIN7\AppData\Roaming\OHQG => Moved successfully.
C:\Users\WIN7\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar => Moved successfully.
EmptyTemp: => Removed 243.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:47:38 ====

Juliet
2015-01-30, 23:34
I believe these 2 versions of Java can be removed
Java 8 Update 25
Java version 32-bit out of Date!


How's the computer now?

Ready to remove tools and quarantine folders?

sunshine&flowerpots
2015-01-30, 23:48
Looks like it! Computer seems to be back to normal.

Juliet
2015-01-31, 00:49
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet
2015-02-03, 18:16
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.