Laflurla adware not yielding to Spybot

Status
Not open for further replies.

Brucezibung

New member
The txt file is listed below:
swMBR version 1.0.1.2201 Copyright(c) 2014 AVAST Software
Run date: 2014-11-12 22:37:00
-----------------------------
22:37:00.997 OS Version: Windows x64 6.1.7601 Service Pack 1
22:37:00.997 Number of processors: 4 586 0x2505
22:37:00.997 ComputerName: DEBORAH-PC UserName: Bruce
22:37:02.447 Initialize success
22:37:02.744 VM: initialized successfully
22:37:02.744 VM: Intel CPU supported
22:37:16.120 VM: not used
22:37:42.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:42.361 Disk 0 Vendor: TOSHIBA_ GH01 Size: 305245MB BusType: 3
22:37:42.501 Disk 0 MBR read successfully
22:37:42.501 Disk 0 MBR scan
22:37:42.501 Disk 0 Windows VISTA default MBR code
22:37:42.517 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:37:42.517 Disk 0 default boot code
22:37:42.548 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294480 MB offset 3074048
22:37:42.564 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9264 MB offset 606169088
22:37:42.704 Disk 0 scanning C:\windows\system32\drivers
22:37:50.395 Service scanning
22:37:54.389 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20141107.001_cbf\BHDrvx64.sys **LOCKED** 5
22:37:55.715 Service ccSet_NIS C:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys **LOCKED** 5
22:38:03.484 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20141112.001\IDSvia64.sys **LOCKED** 5
22:38:09.802 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\ENG64.SYS **LOCKED** 5
22:38:10.004 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\EX64.SYS **LOCKED** 5
22:38:19.583 Service SRTSPX C:\windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS **LOCKED** 5
22:38:20.690 Service SymDS C:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS **LOCKED** 5
22:38:20.987 Service SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:38:21.143 Service SymIRON C:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS **LOCKED** 5
22:38:21.299 Service SymNetS C:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS **LOCKED** 5
22:38:30.175 Modules scanning
22:38:30.191 Disk 0 trace - called modules:
22:38:30.284 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:38:30.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033bf060]
22:38:30.300 3 CLASSPNP.SYS[fffff8800119543f] -> nt!IofCallDriver -> [0xfffffa800313b310]
22:38:30.316 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003141050]
22:38:30.331 Disk 0 statistics 90788/0/0 @ 5.96 MB/s
22:38:30.331 Scan finished successfully
22:39:22.966 Disk 0 MBR has been saved successfully to "C:\Users\Bruce\Documents\computer repair\MBR.dat"
22:39:22.966 The log file has been saved successfully to "C:\Users\Bruce\Documents\computer repair\aswMBR.txt"

Additionally, Farbar is being blocked by Norton Internet Security
 
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

I have read all of your prior posts and from this time forward anything I advise to be downloaded please actually save it to the desktop rather than this location you have been using:-

computer repair

In the Documents folder. The reason being, it is prudent to run specific tools from the desktop, and when the time comes that I give the all clear, I employ a methodology to remove all used during the course of a malware removal process, and anything not on the desktop will have to be manually removed etc.

Now with regard to this you mentioned:

Farbar is being blocked by Norton Internet Security
This is merely the security software being somewhat overzealous and what is known as a false positive detection. So disable the aforementioned for the time being; how to do so can be read here.

Then after completion of the below re-enable etc.

Next:

For some reason your machine appears to have a Vista master boot record rather than a Windows 7 one. Possibly you updated the Operating System and or the manufacturer shipped it with such, however to err on the side of caution I would like to check this out.

There is a copy of the mbr located here:-

C:\Users\Bruce\Documents\computer repair\MBR.dat

Send this to a Zip file, if not sure how to do so instructions can be viewed here. Then attach the aforementioned Zip file in your next reply please.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered ?
  • MBR Zip File.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
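
The layout check behind the MBR request above, as an added example that is not part of the original post and not the helper's own method: it parses a 512-byte MBR dump such as MBR.dat, hashes the boot code region so it can be compared against a copy from a known-clean install, and sanity-checks the partition table. The sample sector is constructed from the partition values in the aswMBR log (its boot code is zero-filled), and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold boot code; 440-443 the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SECTORS_PER_MB = 2048    # 1 MB = 2048 sectors of 512 bytes

# Labels for the three type bytes that appear in the aswMBR log on this page.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector into a boot-code hash and a list of partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped),
        # first sector (LBA, little-endian), sector count (little-endian).
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused table slot
        partitions.append({
            "number": index + 1,
            "status": status,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors // SECTORS_PER_MB,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_layout(partitions: list, disk_sectors: int) -> list:
    """Return human-readable findings; an empty list means the table is sane."""
    findings = []
    active = [p for p in partitions if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in partitions:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['number']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['number']}: extends past end of disk")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append(f"partitions {prev['number']} and {cur['number']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample (not the poster's MBR.dat): zero-filled boot code plus
    the three partitions listed in the aswMBR log (status, type, offset, size)."""
    sector = bytearray(SECTOR_SIZE)
    entries = [
        (0x80, 0x27, 2048, 1500 * SECTORS_PER_MB),
        (0x00, 0x07, 3074048, 294480 * SECTORS_PER_MB),
        (0x00, 0x17, 606169088, 9264 * SECTORS_PER_MB),
    ]
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("boot code sha256:", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        print(p["number"], hex(p["status"]), hex(p["type"]), p["type_name"],
              p["size_mb"], "MB offset", p["lba_start"])
    # Disk size taken from the log line "Size: 305245MB".
    print("findings:", check_layout(mbr["partitions"], 305245 * SECTORS_PER_MB))
```

To run it against a real dump, pass the first 512 bytes of the file to `parse_mbr` instead of the constructed sample.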
 
computer behavior

there seems to be no interference from the adware at this time.
When running the FRST.exe I receive an error message that states as follows:

Line 10220(File"C:Users\Bruce\Desktop\FRST.exe")
Error: Variable being used without being declared
Thank you for your help thus far
BRZ
 
Hi. :)

When running the FRST.exe I receive an error message that states as follows:
Is this actually occurring when Norton Internet Security is disabled ?
 
Hi. :)

Yes - I tried again with Norton smart firewall and antivirus auto protect disabled and I receive the same error message
Acknowledged, I'll ask the developer about this. In the meantime carry out the below for myself please as follows...

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CreateRestorePoint


  • Now click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
 
Hi. :)

Please ignore my prior post and run a scan again with the Scan with Farbar Recovery Scan Tool per post #2. Farbar Recovery Scan Tool should auto update itself when you launch it before the actual scan commences etc.
 
Latest FRST scan

I have attached the zip files as requested. I also attached the OTL zip in the event that it might be useful as well.
Thank you for your continued assistance.
BRZ
 


Hi. :)

Thank you for your continued assistance.
You're welcome and no need to attach anything from this point forward, merely post any requested logs please.

I have checked out the MBR; all appears fine, and I am of the mind that if something is not broken, do not fix it, so we will leave it as is. Still not a complete FRST log, but we can come back to that shortly.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advise you to download and run the Disable Windows Sidebar and Gadgets Fix it utility to rectify this.

Note: Ensure you reboot your machine when prompted before proceeding any further.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Re-scan with Farbar Recovery Scan Tool:

Please delete the current version of FRST64.exe and both the FRST and Addition logs, then empty the Recycle Bin.

Then re-download and save Farbar Recovery Scan Tool 64-Bit to your desktop.

  • Right-click on FRST64.exe and select Run as Administrator to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • AdwCleaner Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
 
Apologize for not sending the zip files as separate replies. Addition.zip is attached

Addition zip file is attached here as well.
Apologize for my error.
BRZ
 


Hi. :)

The adware does not seem to be a bother at present.
Good, please bear in mind what I asked prior:-

no need to attach anything from this point forward, merely post any requested logs please.
Also could you please post the log created by AdwCleaner before we proceed any further for my review, thank you.
 
Adware cleaner logs

It finally dawned on me how I should cut and paste the files into a thread. I apologize for any earlier inconvenience
BRZ

# AdwCleaner v4.101 - Report created 17/11/2014 at 11:33:13
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

File Found : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Found : C:\Users\Bruce\AppData\LocalLow\HPAppData
Folder Found : C:\windows\System32\ljkb
Folder Found : C:\windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4080 octets] - [17/11/2014 11:33:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4140 octets] ##########
# AdwCleaner v4.101 - Report created 17/11/2014 at 11:50:57
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - DEBORAH-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
Service Deleted : {6b320d34-648f-46d8-8353-a4300db1c49c}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\Bruce\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\Bruce\AppData\LocalLow\HPAppData
File Deleted : C:\windows\System32\\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [4252 octets] - [17/11/2014 11:33:13]
AdwCleaner[S0].txt - [3915 octets] - [17/11/2014 11:50:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3975 octets] ##########
 
Hi. :)

I apologize for any earlier inconvenience
Not a problem, let's proceed as follows, shall we...

Uninstall Software:

Please click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Laflurla

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

View attachment 11865

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Your machine should now automatically reboot itself.
  • Post the contents of the newly created Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Alternate download is here.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered ?
  • Fixlog Log from the Custom FRST Script.
  • Junkware Removal Tool Log.
 
custom frst log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Bruce at 2014-11-19 11:06:58 Run:1
Running from C:\Users\Bruce\Desktop
Loaded Profile: Bruce (Available profiles: Bruce)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1647694867-1531263975-1063293069-1003 -> {26903760-B66C-4875-B5A1-009D551EA1D3} URL =
BHO: TidyNetwork -> {1BFB42B7-2543-32F2-F140-93B319521810} -> C:\Program Files (x86)\TidyNetwork\petn64.dll No File
C:\Program Files (x86)\TidyNetwork
2014-11-12 13:42 - 2014-10-06 12:04 - 00043798 _____ () C:\windows\SysWOW64\bddel.dat
Task: {47168BB5-8A01-468C-9298-B5E97CBA8B81} - System32\Tasks\TidyNetwork Update => C:\Users\Deborah\AppData\Local\TidyNetwork\petnupdate.exe
C:\Users\Deborah\AppData\Local\TidyNetwork
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
emptytemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-1647694867-1531263975-1063293069-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key deleted successfully.
"HKCR\CLSID\{26903760-B66C-4875-B5A1-009D551EA1D3}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"HKCR\CLSID\{1BFB42B7-2543-32F2-F140-93B319521810}" => Key deleted successfully.
"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.
C:\windows\SysWOW64\bddel.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47168BB5-8A01-468C-9298-B5E97CBA8B81}" => Key deleted successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"C:\Users\Deborah\AppData\Local\TidyNetwork" => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

EmptyTemp: => Removed 272.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 
Jrt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Bruce on Wed 11/19/2014 at 11:20:09.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/19/2014 at 13:44:12.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
thanks for your continued assistance
BRZ
 
Hi. :)

The computer seems to be working without interruption - that is, no unwanted irritating adware popups.
Good.

thanks for your continued assistance
You're welcome! A few more scans to complete as follows...

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

  • Right-click on mbam-setup-2.0.3.1025.exe and select Run as Administrator, then follow the prompts to install the program.
  • Select the language and click OK >> Accept the agreement.
  • Deselect the check-mark next to Enable the Free Trial as otherwise this will cause a security conflict with presently installed security software and then ensure Launch Malwarebytes' Anti-Malware is selected, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All
  • When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.

  • Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > (or any of them if multiple) tab >> then on View Report >> a Notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.
 