
Thread: Clicking anything tries to download unwanted things

  1. #1
    Junior Member
    Join Date: Aug 2013
    Posts: 10

    Clicking anything tries to download unwanted things

    Hello,

    I apparently downloaded something nasty by accident. I ran a scan and cleaned some stuff out, but I am still having a problem. Whenever I click on just about anything it loads another tab asking me to download other things. Also, all of my banner ads are asking me to download things. Most of the tabs open with urls that start with gzj.jsopen. Also of interest is that when I was trying to download the programs to get the logs you need here it did something else odd. When I clicked on the links for the programs it just started downloading a program from a url that used getsoftfree.com as the source. I did not install them, but they loaded automatically when I was clicking on the link for ERUNT. I am attaching what I believe it was you were looking for for logs. I will warn you that I am a huge technotard, and you may need to explain things like you were telling to a child for me to get this right the first time. I apologize if I did the logs wrong, but it took me all night to get this far.

    Thank you for your help.
    mmttw


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by Mom's at 19:43:20 on 2013-08-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2032 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A81CD0DF9A9B7B0B&affID=119557&tsp=4985
    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LyricsContainer: {a47fdceb-4d34-49c8-bd51-24c1201d1473} - C:\Program Files (x86)\LyricsContainer\130.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\Mom's\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://216.17.38.65:8051/DVROcxEx.cab
    TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\34963736F65343134343 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\6596277696E6D4F62696C65602D49664962323030302344333 : DHCPNameServer = 192.168.1.68
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D4F4D435D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D4F4D435D20534F5E4564777F627B6F513 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D6D6474777 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    TCP: Interfaces\{B5840D9F-6020-46EE-B7D3-DFB4DFA7910D} : DHCPNameServer = 75.75.76.76 75.75.75.75
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mom's\AppData\Roaming\Mozilla\Firefox\Profiles\91kusb0y.default\
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
    FF - plugin: C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - a81cacb8000000000000d0df9a9b7b0b
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15942
    FF - user.js: extensions.delta.vrsn - 1.8.24.6
    FF - user.js: extensions.delta.vrsni - 1.8.24.6
    FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:05:33
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119557&tsp=4985
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    FF - user.js: extensions.shownSelectionUI - true
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-7 135272]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-26 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-10-18 867712]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-26 13336]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-26 244624]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-4 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-26 135560]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-8-26 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-26 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 287232]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-26 243712]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-4 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-08-26 02:55:12 -------- d-----w- C:\Program Files (x86)\LyricsContainer
    2013-08-25 03:12:04 -------- d-----w- C:\Users\Mom's\AppData\Local\avgchrome
    2013-08-25 03:11:34 -------- d-----w- C:\Users\Mom's\AppData\Local\SwvUpdater
    2013-08-25 03:05:06 -------- d-----w- C:\Program Files (x86)\BrowseFox
    2013-08-18 02:04:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-18 02:04:50 -------- d-----w- C:\Program Files\iTunes
    2013-08-18 02:04:50 -------- d-----w- C:\Program Files\iPod
    2013-08-18 02:04:50 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2013-08-17 22:41:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F950FE1-9F36-4DC8-A97A-A44595C3CA7A}\offreg.dll
    2013-08-17 02:54:27 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F950FE1-9F36-4DC8-A97A-A44595C3CA7A}\mpengine.dll
    2013-08-16 02:47:10 -------- d-----w- C:\Windows\System32\MRT
    .
    ==================== Find3M ====================
    .
    2013-08-21 02:55:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-21 02:55:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    .
    ============= FINISH: 19:43:51.97 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-27 21:02:45
    -----------------------------
    21:02:45.894 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:02:45.894 Number of processors: 4 586 0x2505
    21:02:45.895 ComputerName: MOMS-PC UserName: Mom's
    21:02:47.113 Initialize success
    21:03:49.509 AVAST engine defs: 13082701
    21:04:26.507 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:04:26.512 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    21:04:26.639 Disk 0 MBR read successfully
    21:04:26.644 Disk 0 MBR scan
    21:04:26.652 Disk 0 Windows 7 default MBR code
    21:04:26.657 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
    21:04:26.681 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
    21:04:26.697 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
    21:04:26.729 Disk 0 scanning C:\Windows\system32\drivers
    21:04:34.571 Service scanning
    21:04:59.999 Modules scanning
    21:05:00.017 Disk 0 trace - called modules:
    21:05:00.036 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:05:00.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fcf060]
    21:05:00.056 3 CLASSPNP.SYS[fffff88001b6343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f87050]
    21:05:01.251 AVAST engine scan C:\Windows
    21:05:03.541 AVAST engine scan C:\Windows\system32
    21:07:53.267 AVAST engine scan C:\Windows\system32\drivers
    21:08:04.755 AVAST engine scan C:\Users\Mom's
    21:10:44.104 AVAST engine scan C:\ProgramData
    21:11:25.897 Scan finished successfully
    21:12:12.705 Disk 0 MBR has been saved successfully to "C:\Users\Mom's\Desktop\MBR.dat"
    21:12:12.710 The log file has been saved successfully to "C:\Users\Mom's\Desktop\aswMBR.txt"

  2. #2
    Emeritus
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,066


    hi mmttw,

    Sorry for the delay. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date: Aug 2013
    Posts: 10

    Still need help

    Originally posted by shelf life:
    hi mmttw,

    Sorry for the delay. If you still need help simply reply back.
    I thought the reply was on the other page and all I saw was the link for how to prevent issues. Sorry I'm a bit of a dork. That's probably how I ended up in this situation in the first place. Please help.

    Thanks,
    mmttw

  4. #4
    Emeritus
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,066


    OK. We will get two downloads to use. The first is the free version of Malwarebytes, which you can keep and use as an anti-malware app. The second download will be AdwCleaner.

    Malwarebytes:
    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    ---------------------------------------------------------------
    Adwcleaner:

    Please download AdwCleaner by Xplode onto your desktop.
    Right click on AdwCleaner.exe, and select "run as admin".
    Click on Search.
    A logfile will automatically open after the scan has finished.
    Close AdwCleaner with the X button. Click OK at the prompt to exit AdwCleaner.
    Copy and paste the contents of the log in your reply.
    You can also find the logfile at your root drive--> C:\AdwCleaner[R1].txt as well.

  5. #5
    Junior Member
    Join Date: Aug 2013
    Posts: 10

    Thank you so much. Here are the logs you requested:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.01.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    Mom's :: MOMS-PC [administrator]

    Protection: Enabled

    9/1/2013 5:48:07 PM
    mbam-log-2013-09-01 (17-48-07).txt

    Scan type: Full scan (C:\|D:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 327785
    Time elapsed: 34 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a86a606b-5364-416e-bd51-8e39eac54906} (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
    HKCR\CLSID\{a47fdceb-4d34-49c8-bd51-24c1201d1473} (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A47FDCEB-4D34-49C8-BD51-24C1201D1473} (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{7da7bca1-6f71-4523-b121-bc44bdf92e2b} (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{97a62d7c-a568-4811-a778-eea678d3f51f} (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc...19557&tsp=4985) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 1
    C:\Program Files (x86)\LyricsContainer (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.

    Files Detected: 33
    C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\Uninstall.exe (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OVSA9I3\wajam_install[1].exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG3JYXKL\pack[1].7z (PUP.Optional.BrowserProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3JTCXUW\Setup[1].exe (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYM68O1E\LyricsContainer_1060-8001_v122[1] (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Temp\air8476.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\Mom's\AppData\Local\Temp\nsc79D1.tmp\SimpleInstaller.exe (Adware.Linkular) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\Setup (1).exe (PUP.Optional.Solimba.mr) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\Setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\Setup (3).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\Setup (4).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\setup (5).exe (Adware.Linkular) -> Quarantined and deleted successfully.
    C:\Users\Mom's\Downloads\Setup.exe (PUP.Optional.Solimba.mr) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\sqlite3.dll (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\00.crx (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\00.xpi (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\01.crx (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\01.xpi (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\02.crx (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\02.xpi (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\130.crx (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\130.dat (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\130.dll (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\130.xpi (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\chrome.manifest (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\crx.dat (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\crx.db (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\xpi.dat (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LyricsContainer\xpi.db (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\LyricsContainer Update.job (PUP.Optional.LyricsContainer.A) -> Quarantined and deleted successfully.

    (end)


    # AdwCleaner v3.002 - Report created 01/09/2013 at 18:39:11
    # Updated 01/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mom's - MOMS-PC
    # Running from : C:\Users\Mom's\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\BrowseFox
    Folder Deleted : C:\Users\Mom's\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Mom's\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Mom's\AppData\Local\Temp\AirInstaller
    File Deleted : C:\Users\Mom's\AppData\Roaming\Mozilla\Firefox\Profiles\91kusb0y.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\aedf8ae56fbe49
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16660


    -\\ Mozilla Firefox v13.0.1 (en-US)

    [ File : C:\Users\Mom's\AppData\Roaming\Mozilla\Firefox\Profiles\91kusb0y.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Mom's\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [2066 octets] - [01/09/2013 18:34:27]
    AdwCleaner[R1].txt - [2126 octets] - [01/09/2013 18:36:09]
    AdwCleaner[S0].txt - [2005 octets] - [01/09/2013 18:39:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2065 octets] ##########

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Looks like adware/spyware stuff. If you look at the log, a PUP is a potentially unwanted program. The majority of this type of install can be easily avoided. How's the original problem you described now: better, somewhat better or unchanged?
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Aug 2013
    Posts
    10

    Lots better

    Originally Posted by shelf life:
    > Looks like adware/spyware stuff. If you look at the log, a PUP is a potentially unwanted program. The majority of this type of install can be easily avoided. How's the original problem you described now: better, somewhat better or unchanged?

    Thank you so much. That was ugly. I almost never load anything on my computer. I got this by saying yes to updating my Java. I will be much more careful in the future. Is there anything else I need to do?

    Thank you,
    mmttw

  8. #8
    Junior Member
    Join Date
    Aug 2013
    Posts
    10

    Although...

    Originally Posted by mmttw:
    > Thank you so much. That was ugly. I almost never load anything on my computer. I got this by saying yes to updating my Java. I will be much more careful in the future. Is there anything else I need to do?
    >
    > Thank you,
    > mmttw

    It does not appear to be totally gone, but not nearly as bad. I can't imagine there is much left on my computer that could be bad, but I am thinking this thing adds other issues as we go. It isn't currently loading pages, but I am still getting the ad to load stuff on the pages I do want.

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    What browser are you seeing the ads in? I don't see an AV app in your log, do you have antivirus installed and updated? Spybot and Malwarebytes aren't antivirus.

    > I got this by saying yes to updating my Java

    Only if you got it from a bogus site/install. Java install/updates now push the Ask toolbar, unless you uncheck it.
    Not only does Oracle push out foistware, it has a horrendous security record with its vulnerable software. But you can avoid both of these if you want.

    One more download to try:

    Please download Junkware Removal Tool to your desktop.


    Shut down your antivirus to avoid any conflicts.
    Right-mouse click JRT.exe and select "Run as admin"
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your reply

  10. #10
    Junior Member
    Join Date
    Aug 2013
    Posts
    10

    Thanks again

    Originally Posted by shelf life:
    > What browser are you seeing the ads in? I don't see an AV app in your log, do you have antivirus installed and updated? Spybot and Malwarebytes aren't antivirus.
    >
    > Only if you got it from a bogus site/install. Java install/updates now push the Ask toolbar, unless you uncheck it.
    > Not only does Oracle push out foistware, it has a horrendous security record with its vulnerable software. But you can avoid both of these if you want.
    >
    > One more download to try:
    >
    > Please download Junkware Removal Tool to your desktop.
    >
    > Shut down your antivirus to avoid any conflicts.
    > Right-mouse click JRT.exe and select "Run as admin"
    > The tool will open and start scanning your system.
    > Please be patient as this can take a while to complete.
    > On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    > Post the contents of JRT.txt into your reply

    O.k., I ran that. I can't imagine there is much of anything left on my computer. Oddly, I went to disable Java and it didn't even appear as one of the plug-ins on my computer. Is it hidden somewhere? Or do I really not have it, and somehow got the notice to update it straight from a hacker? Here is the log from the last program.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.5.7 (09.01.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Mom's on Mon 09/02/2013 at 18:44:27.10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3944868438-1401671066-809823832-1001\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



    ~~~ Files

    Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
    Successfully deleted: [Folder] "C:\Users\Mom's\appdata\local\best buy pc app"
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{0EA3E919-14FA-43BF-9300-A6C6FF717355}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{2277E41D-7C9B-4357-85F4-4EB0FC49D311}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{49E3F08A-0640-4C0C-A2A1-18B1F0711727}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{4D843473-BE79-4178-BE1E-A9D2B1884010}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{5A84D149-46BE-4D7C-8720-453B0D5EBDAA}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{5F4FFE59-ACA5-4E9A-9957-72DBE98D8BEC}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{624DAA82-3F17-4F37-A9C8-1BA3AF0F292F}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{7483312A-714D-448B-82C6-FA23CDC202E2}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{764A9A60-F488-4609-8ADB-94540DC24509}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{7EDB42D8-8B32-4861-B022-52584DC6F506}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{9D625B2D-BBBA-44CD-926C-3BA7C811C805}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{AE398E48-73F0-4A41-B304-188FCC94D129}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{AEC962C4-116D-4EA1-A033-28ECFB4F4190}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{BFFE6771-4269-42A8-B3FB-3731B55DF7E6}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{DAFE0501-88B2-410B-9178-43DE754F883D}
    Successfully deleted: [Empty Folder] C:\Users\Mom's\appdata\local\{F1629B40-66C3-4B52-A987-B923273F7D75}



    ~~~ FireFox

    Emptied folder: C:\Users\Mom's\AppData\Roaming\mozilla\firefox\profiles\91kusb0y.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 09/02/2013 at 18:52:09.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
