|
Answer» Dave, which two AVs are running?Quote from: bluecountry on November 21, 2014, 03:26:26 PM Dave, which two AVs are running?
McAfee Anti-Virus and Anti-Spyware and Windows Defender Quote from: SUPERDAVE on November 21, 2014, 04:05:08 PMMcAfee Anti-Virus and Anti-Spyware and Windows Defender
Dave, just did a search in Windows for security center; it did not say WD was active but seemed to say SAS was-even though SAS was deleted from the PC two days ago. I've attached the screenshot, let me know what this means. Thanks.
[attachment deleted by admin to conserve space]Well...I tried to run combofix, link2 was in Spanish; links 1 and 3 would not let me; I got this pop up (see attached)
[attachment deleted by admin to conserve space]QuoteSAS was deleted from the PC two days ago Programs should not be deleted but un-installed. There are probably remnants of the program still on your computer but I don't see anything in your screenshot about SAS. You should start your Security Center. It was probably stopped when you installed McAfee. Right-click Computer and select Manage. Click on Services and Apps. Double-click on Services. Double-click on Security Center and select the start type to automatically. Next, Click on Start, All Programs and click on Windows System and select Windows Defender. Click on Settings in WD and uncheck the box to disable WD.
Apparently, CF is not yet designed to run on Windows 8.1. Please open AdwCleaner and empty the quarantine box and run the scan again.1) Says the app (WD) is turned off, task manager has it as off to; so I guess it is ok?
2) For adware...
-I download the program from the CH link each time; it is not to my knowledge saved on my PC like CCleaner.
Therefore, I could not find history to delete.
Here is the latest scan log
Quote# AdwCleaner v4.102 - Report created 24/11/2014 at 20:32:57
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 8.1 (64 BITS)
# Username : trent_000 - BERGER-FAMILYPC
# Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Sally\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Sally\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
FILE Deleted : C:\END
File Deleted : C:\windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\user.js
***** [ SCHEDULED TASKS ] *****
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : Optimum_Daily
Task Deleted : Optimum_LogOn
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Salus
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
[hdlorvbn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[1i5hf411.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[ki1yg8u5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneF irst", 2);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141676 8702526.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141676 8702526.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278063195_141676 8734279.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278371845_141676 8736600.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278440671_141668 2304929.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278440671_141668 2304929.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278444534_141676 8729745.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278762192_141676 8751493.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363279015922_141676 8971815.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363279015922_141676 8971815.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363280845986_141676 8767900.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363281565569_141676 8730682.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363282786485_141676 8784760.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283356442_141676 8795279.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363286610777_141676 8875910.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363286755271_141676 8887541.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363287094576_141676 8840188.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363289304926_141676 8817972.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363375926821_141676 8826738.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368037435872_141676 8744187.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368038170032_141676 8796803.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368553686828_141676 8795785.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376671574068_141676 8782032.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672727443_141676 8810394.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672884370_141676 8809304.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376673250405_141676 8872890.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376674154806_141676 8804564.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376674230239_141676 8775563.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379079356382_141676 8727920.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1392234206091_141676 8728731.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1416768721742_141676 8723170.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1416768721742_141676 8723170.view", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1416768907947_141676 8908911.view", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1416768935075_141676 8936242.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1416768935075_141676 8936242.view", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.aol_bookmark_button_ 1416683739010.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "1363279015922_1416768971815;1416768935075_1416768936242;1416768907947_1416768908911;1363286755271_1416768887541;1363286610777_1416768875910;1376673250405_14167[...]
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1416859110992");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.homepage", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.newtab", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.search", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.debug", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "4");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.protection", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015&tb_uuid=74C7E95B4EDB41A226C273A79D645826");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=74C7E95B4EDB41A226C273A79D645826");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=74C7E95B4EDB41A226C273A79D645826&tb_oid=22-11-2014&tb_mrud=22-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{74C7E95B-4EDB-41A2-26C2-73A79D645826}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.set", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "download");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "24");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "10");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "22");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "branding");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "about:newtab");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "Google");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1416859110968");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1416773179013");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.flag", "2");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.style", "A");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Sun Nov 23 2014 15:30:47 GMT-0500 (Eastern Standard Time)");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.delay", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "5");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "22-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.focusnewtab", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "74C7E95B4EDB41A226C273A79D645826");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.newtab", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "22-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "34");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "22");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "72");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1416773184479");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=74C7E95B4EDB41A226C273A79D645826&tb_oid=22-11-2014&tb_mrud=22-11-2014");
[v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
-\\ Google Chrome v
[C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
AdwCleaner[S4].txt - [23121 octets] - [24/11/2014 20:32:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [23182 octets] ##########
3) Few additional things:
-The pop up I get in firefox referenced and attached in post ______ still is popping up. Should I follow the prompts; or is this an error?
-When I login to my windows account I am prompted that CCleaner wants to make changes; is this an error?
-I also get this pop up telling me to update WE; should I? (see attached)
[attachment deleted by admin to conserve space]Please run AdwCleaner again. I can't understand why it's coming up with all that stuff.OK Dave, I have posted the log below I just ran.
Let me know what you think in regards to my previous post about the CCleaner and IE pop ups.
I'm wondering too, big picture, at this stage, what do you think is wrong and might this beyond the scope of CH and require an outside technician or do you think we can get get this cleared?
Quote# AdwCleaner v4.102 - Report created 25/11/2014 at 15:27:43
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 8.1 (64 bits)
# Username : trent_000 - BERGER-FAMILYPC
# Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102(1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141694 0021763.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278219404_141694 0025728.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278391072_141694 0020029.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_141694 0022787.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278444534_141694 0025063.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278778581_141694 0027112.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283356442_141694 0042820.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283376537_141694 0046830.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283394411_141694 0044281.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368038170032_141694 0053643.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368553686828_141694 0050580.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368561776583_141694 0043623.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672727443_141694 0059188.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672884370_141694 0060137.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376674154806_141694 0045527.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1382540936208_141694 0032873.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "1376672884370_1416940060137;1376672727443_1416940059188;1368038170032_1416940053643;1368553686828_1416940050580;1363283376537_1416940046830;1376674154806_14169[...]
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1416946207504");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.homepage", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.newtab", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.search", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.debug", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "4");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982&tb_oid=25-11-2014&tb_mrud=25-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{B88A84BC-399C-4AD7-BCCA-2C048E1C1982}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "download");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "25");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "10");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "25");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "aol.com");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=921C1E4BA31E886176DC289D94DAD466");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "Google");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1416946207468");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1416940003554");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "25-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "B88A84BC399C4AD7BCCA2C048E1C1982");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "25-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "34");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "13");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "55");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1416940009247");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982&tb_oid=25-11-2014&tb_mrud=25-11-2014");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
AdwCleaner[R5].txt - [13294 octets] - [25/11/2014 15:12:33]
AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
AdwCleaner[S4].txt - [23263 octets] - [24/11/2014 20:32:57]
AdwCleaner[S5].txt - [14380 octets] - [25/11/2014 15:27:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [14441 octets] ##########
QuoteI'm wondering too, big picture, at this stage, what do you think is wrong and might this beyond the scope of CH and require an outside technician or do you think we can get get this cleared? I feel that a technician will reformat and re-install the OS.
Please run MBAM again and post a new log.I've attached scans from the last several days.
I just ran one now; another was run earlier this afternoon around 2:30.
There is another from 11/23 and 11/22 I posted for reference.
At this stage; do you think we can clear this without resorting to a technician/re-format?
Latest scan
QuoteMalwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/25/2014
Scan Time: 7:58:03 PM
Logfile: 11-25bMBAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.25.17
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: trent_000
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 584340
Time Elapsed: 10 min, 55 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Earlier today (11/25)
QuoteMalwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/25/2014
Scan Time: 2:34:04 PM
Logfile: 11-25aMBAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.25.12
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 584472
Time Elapsed: 12 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
11/23
QuoteMalwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/23/2014
Scan Time: 3:41:43 PM
Logfile: 11-23-MBAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.23.09
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 584335
Time Elapsed: 12 min, 30 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1444, Delete-on-Reboot, [40f5dc633844f5416a8d343c39c88b75]
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, 5000, Delete-on-Reboot, [c3721e211963ed49dd0100dfe41df60a]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 4968, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 5008, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f]
Modules: 18
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
Registry Keys: 75
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Quarantined, [40f5dc633844f5416a8d343c39c88b75],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.IEModule, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.IEModule, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.SWLIEToolbar, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.SWLIEToolbar, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}\INPROCSERVER32, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [b481c17e1d5fa591a29e9f1f19e9b44c],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.IEModule+IECustomCommands, Quarantined, [0530f748f686a88eb8dcbf9925de6799],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands, Quarantined, [8fa6a798a3d9270f197b7bddd52ed828],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.PopupForm, Quarantined, [072e51ee106cfd39c9cbaaaef80ba060],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs, Quarantined, [c66fc07f7606e25451433127bf446e92],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs, Quarantined, [989daf907efedd59256f5503f2119c64],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.SWLSettings, Quarantined, [2a0b96a9205c6ec81a7a3d1b4db69868],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.WatermarkTextBox, Quarantined, [fb3ad768adcf1b1bfc989abe14efc739],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [bd78c47b7ffdfd391befd7c41fe59070],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [4de81c23483476c050841b2a010232ce],
PUP.Optional.Salus.A, HKLM\SOFTWARE\WOW6432NODE\Salus, Quarantined, [56dff44b7705e84e504f52f71ee53cc4],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [ad884bf4b7c58ea8666e6cdd3fc4926e],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.2, Quarantined, [3ff6fd428def3df94b7a82bd39ca58a8],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.IEModule+IECustomCommands, Quarantined, [bb7a9ea1710b67cf6a2afe5ad132de22],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands, Quarantined, [0332d16e7efe4aec3e5674e458abf40c],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.PopupForm, Quarantined, [2015f649bdbf67cf7f15c5939c6733cd],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs, Quarantined, [52e374cb1b6171c53b59d28632d1a759],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs, Quarantined, [a194a49b097392a4fb99e375cd36b050],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.SWLSettings, Quarantined, [60d5b48b4636f244781c3820946f728e],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.WatermarkTextBox, Quarantined, [40f5ba85cbb1ae88ddb75afe31d2d42c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [df56ea55ea9257df9e7aea68b35025db],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, Quarantined, [cd687ec14e2e9b9ba915005806fd9e62],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [1124c778037959dd3ad089129d67da26],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [84b1dd621a621c1a9bd8a111e0245ca4],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [84b10c33522a62d4e98ba60c2adabd43],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, [55e056e9b9c3c86e049eb9903fc4dd23],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [5dd85ce3e19b1a1c3b9890b938cb659b],
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\V9SOFTWARE\v9hp, Quarantined, [082dd8678eee1b1bf1a783f2aa59f30d],
PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_2, Quarantined, [1223a798bbc1ce68547092ada95a7e82],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [50e5132c1d5f06307d5ffc427f84f60a],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.4cV23.11, Quarantined, [1d18fb44e8940135490c82c357ac1ae6],
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmileysWeLove, Quarantined, [7fb6cb747705d75f0a8df76142c1bb45],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [3df8251a67152313483c400bbb488a76],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [f54063dca3d90234386e1d958e767090],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [b67f3c03b7c53ff7a655d6781de6b947],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [c273cf703844290dcbe3a20148bc6f91],
PUP.Optional.Qone8, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [6bcaee51512ba6907b8e1a8163a1a858],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [d4613f000a726ccaecf6093dbc477e82],
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POPAJAR\SWL, Quarantined, [2c0977c8c1bbed49aaec9eba5fa48a76],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
Registry Values: 13
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{CF0F43AB-9C23-4D7B-8040-201B82844854}, SmileysWeLoveToolbar.IEModule, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76]
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{CF0F43AB-9C23-4D7B-8040-201B82844854}, SmileysWeLoveToolbar.IEModule, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76]
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [8ea787b896e63df945a2a94f729017e9],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [9d9873cc215b00366b7c4cac41c19868],
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}, Quarantined, [dc59bd82df9de1550a0f1742f70cf30d]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [df56ea55ea9257df9e7aea68b35025db]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}, Quarantined, [340178c7c4b8d165cc4d92c77291b050]
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_370, Quarantined, [e74eca754f2dcf676e6849fc18ebba46],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{d9a96531-b093-4d07-9e4c-9704a365c441}, C:\Program Files (x86)\Mozilla Firefox\extensions\{d9a96531-b093-4d07-9e4c-9704a365c441}, Quarantined, [de57bd82d7a5da5c98562b108a7905fb]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[emailprotected], C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\extensions\[emailprotected], Quarantined, [f0458eb19fdd7db96f18ac02ac58dd23]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarantined, [55e056e9b9c3c86e049eb9903fc4dd23]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, pjr, Quarantined, [5dd85ce3e19b1a1c3b9890b938cb659b]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, [emailprotected], Quarantined, [d4613f000a726ccaecf6093dbc477e82]
Registry Data: 7
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}, Good: (www.google.com), Bad: (http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}),Replaced,[88ad90af5923ea4cccd9b79158ad8977]
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9, Good: (www.google.com), Bad: (http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9),Replaced,[58ddd46b057761d59e0688c0b451a65a]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[80b559e63844a096a5434909877ef30d]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}, Good: (www.google.com), Bad: (http://search.v9.com/web/?type=ds&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9&q={searchTerms}),Replaced,[43f2ac93374501351590bf89b451fe02]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9, Good: (www.google.com), Bad: (http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9),Replaced,[fe37c679b9c3b086a20227211beac53b]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[b1841b240775c1751bcda8aa7a8b8c74]
PUP.Optional.V9.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9, Good: (www.google.com), Bad: (http://www.v9.com/?type=hp&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9),Replaced,[57de1c230b71d2643864a4a4050013ed]
Folders: 42
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE, Quarantined, [75c08bb4e4983df9b740f4a10ef69c64],
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [1f1685ba0f6daf87c8d4fefde2206e92],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Delete-on-Reboot, [38fd1f204e2e8ea85066ed33937037c9],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [38fd1f204e2e8ea85066ed33937037c9],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\jetpack\[emailprotected], Quarantined, [7cb9ad920d6f4de9f645ab764cb753ad],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\jetpack\[emailprotected]\simple-storage, Quarantined, [7cb9ad920d6f4de9f645ab764cb753ad],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\x86, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{F553893C-AE99-4E9E-AA6C-E9EE4E1D2A54}, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
Files: 132
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Delete-on-Reboot, [40f5dc633844f5416a8d343c39c88b75],
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, Delete-on-Reboot, [c3721e211963ed49dd0100dfe41df60a],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll, Quarantined, [7bba55ea6e0eff379d4a0eeabe448a76],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Quarantined, [f93c2f106814fc3a99fb0bb758aacd33],
PUP.Optional.ClientConnect, C:\ProgramData\Optimizer\program\windows_firefoxupdateperion.exe, Quarantined, [ea4bde61a2dad0664c083f7b1fe27a86],
PUP.Optional.CinemaPlus.A, C:\Users\Sally\AppData\Roaming\PXBM.exe, Quarantined, [e253102f126a43f3e029e1a43fc657a9],
PUP.Optional.CinemaPlus.A, C:\Users\Sally\AppData\Roaming\UU.exe, Quarantined, [3bfae45b7efea294ee1bfe87c63f05fb],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Quarantined, [73c278c76f0df24415b1425e0cf5bc44],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, Quarantined, [ed487ac58def67cf04c2bfe1bf42926e],
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, Quarantined, [e15496a91468de58259c85fef20ffd03],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Quarantined, [6dc87cc38eeede58f2d4b4ec5ca508f8],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantined, [d95c73cc2a52c76f7155693741c09c64],
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, Quarantined, [003593acc2ba9d99ac4bdd93bd44c739],
PUP.Optional.CrossRider.A, C:\Users\Sally\AppData\Local\Temp\setup_424.exe, Quarantined, [fa3b96a99be12610104d2bb0976a6799],
PUP.Optional.SilentInstaller.A, C:\Users\Sally\AppData\Local\Temp\setup_ra.exe, Quarantined, [e550122ddf9df4425f71307348bada26],
PUP.Optional.AddLyrics, C:\Users\Sally\AppData\Local\Temp\2F658057-A565-F64A-D98A-1AE05C625B6D.exe, Quarantined, [092cdb642a5293a32bda2dba6f9250b0],
PUP.Optional.AddLyrics, C:\Users\Sally\AppData\Local\Temp\321D0B64-DA79-1F48-57D5-F28ACE24334D.exe, Quarantined, [5fd6ec53bebee056a46113d460a1827e],
PUP.Optional.ClientConnect, C:\Users\Sally\AppData\Local\Temp\nsa76FA.tmp\FDMClient.dll, Quarantined, [75c0c877403c87af78dc9d1d17eaf808],
PUP.Optional.ClientConnect, C:\Users\Sally\AppData\Local\Temp\nsa76FA.tmp\webapphost.dll, Quarantined, [4ee7231ccdafbf77b89c4a7053aea55b],
PUP.Optional.WordProser.A, C:\Users\Sally\AppData\Local\Temp\ZOG\Setup.exe, Quarantined, [92a3310ee39959dd8b37fbdecd3446ba],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\extensions\[emailprotected], Quarantined, [5ed73f004c308da9700961f3bb48b749],
PUP.Optional.V9.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml, Quarantined, [c66fff4019630432b9ddd99c0af9d030],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLove.ico, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\AddinExpress.IE.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\AddinExpress.IE.tlb, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.manifest, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.exe, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.exe, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxregistrator.exe, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\HtmlAgilityPack.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\Interop.SHDocVw.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\Microsoft.mshtml.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLoveToolbar.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLCustomInstaller.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLCustomInstaller.InstallState, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLHelperLibrary.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLSettingsApp.exe, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLSettingsApp.exe.config, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\System.Net.Json.dll, Quarantined, [e253310ec6b679bd6591f3a239cb6c94],
PUP.Optional.SmileysWeLove.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE\SmileysWeLove Settings for IE.lnk, Quarantined, [75c08bb4e4983df9b740f4a10ef69c64],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [b0855be4bbc1f541b968b3fd13f1867a],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [1322251a0b714ceae939d9d7739151af],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [df561d22720abf7746dd7838c14304fc],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [0c29a996ea927cba49db4a663dc7bc44],
Rogue.Multiple, C:\ProgramData\2355320829\BIT908E.tmp, Quarantined, [1f1685ba0f6daf87c8d4fefde2206e92],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [38fd1f204e2e8ea85066ed33937037c9],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\jetpack\[emailprotected]\simple-storage\store.json, Quarantined, [7cb9ad920d6f4de9f645ab764cb753ad],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\BrowserHelper.exe.config, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\BrowserHelper.pdb, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\channel_generic.json.old, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\smileyswelove.xpi, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.SmileysWeLove.A, C:\Users\Sally\AppData\Local\Temp\swlfiles\x86\SQLite.Interop.dll, Quarantined, [fe3782bd26560630f7451a0755aeac54],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [60d5e05fdf9de15504e7b17352b107f9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\GoogleCrashHandler.exe, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\GoogleUpdate.exe, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\GoogleUpdateBroker.exe, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\GoogleUpdateHelper.msi, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\GoogleUpdateOnDemand.exe, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\goopdate.dll, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\goopdateres_en.dll, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\npGoogleUpdate4.dll, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\psmachine.dll, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.GlobalUpdate.A, C:\Users\Sally\AppData\Local\Temp\comh.262967\psuser.dll, Quarantined, [4ce944fbacd03303fd0a3bea57ac17e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Delete-on-Reboot, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [f3422d12314bbd795acf2ffab94a619f],
PUP.Optional.V9.A, C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.v9.com/newtab/?type=nt&ts=1416773341&from=pjr&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S737954079540&i=psd&t=34c7674a9"), Replaced,[6cc9aa95ec9086b05f35adddd82dfe02]
Physical Sectors: 0
(No malicious items detected)
(end)
11/22
QuoteMalwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/22/2014
Scan Time: 3:10:07 PM
Logfile: 11-22-MBAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.22.13
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 580420
Time Elapsed: 12 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end) This is not getting any better.
The PC is still slow.
Further sometimes, I hear ads playing in the background even without a webpage or the browser opened.
I'm still getting these pop ups too (see attached).
This is not working, at this stage, what appears to be the problem and how/why can't it be solved yet?
[attachment deleted by admin to conserve space]Latest Logs
Adw
Quote# AdwCleaner v4.102 - Report created 27/11/2014 at 11:41:17
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : trent_000 - BERGER-FAMILYPC
# Running from : C:\Users\trent_000\Downloads\adwcleaner_4.102(2).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\trent_000\AppData\Roaming\WSE_Vosteran
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hdlorvbn.default\user.js
File Deleted : C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\user.js
File Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\user.js
File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\user.js
File Deleted : C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\user.js
File Deleted : C:\Users\trent_000\AppData\Roaming\Mozilla\Firefox\Profiles\e4x39m0u.default\user.js
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hdlorvbn.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\kc2u83z7.default-1416682149450\searchplugins\Vosteran.xml
File Deleted : C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\trent_000\AppData\Roaming\Mozilla\Firefox\Profiles\e4x39m0u.default\searchplugins\Vosteran.xml
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
[hdlorvbn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[hdlorvbn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
[1i5hf411.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[1i5hf411.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
[ki1yg8u5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[ki1yg8u5.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141702 0028263.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_141702 0028263.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278063195_141702 0031512.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278219404_141702 0038037.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278371845_141702 0034409.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278391072_141702 0029764.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_141702 0039284.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278407974_141702 0039284.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278440671_141702 0041385.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278712874_141702 0045023.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278778581_141702 0050191.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363283356442_141702 0100566.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368037499649_141702 0045964.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368038170032_141702 0099906.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1368553686828_141702 0112881.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376671520598_141702 0089279.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672727443_141702 0067919.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376672884370_141702 0068899.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078884915_141702 0086153.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078962678_141702 0087884.click", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379078962678_141702 0087884.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1379079356382_141702 0047107.view", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_bookmark_button_1417021404001;aol_bookmark_button_1417021030617;1368553686828_1417020112881;1363283356442_1417020100566;1368038170032_1417020099906;1376671[...]
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1417022611559");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.debug", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "4");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015&tb_uuid=F124B47A38AF3527C50C3A39E148174E");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=F124B47A38AF3527C50C3A39E148174E");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=F124B47A38AF3527C50C3A39E148174E&tb_oid=26-11-2014&tb_mrud=26-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{F124B47A-38AF-3527-C50C-3A39E148174E}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid={uid}");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "26");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "10");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "26");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "aol.com");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=B88A84BC399C4AD7BCCA2C048E1C1982");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "AOL Search");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1417022556161");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1417020007559");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "26-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "F124B47A38AF3527C50C3A39E148174E");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "26-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "26");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "1");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "34");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USDC0001");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.welcome.new.display", "0");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1417020013089");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10068");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=F124B47A38AF3527C50C3A39E148174E&tb_oid=26-11-2014&tb_mrud=26-11-2014");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[kc2u83z7.default-1416682149450\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
[v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[v12v2egn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1St[...]
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1[...]
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDy[...]
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[e4x39m0u.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzz0EtAyEyB0F0D0CyC0DyEyE0EtDyCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzyt[...]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [35795 octets] - [16/11/2014 14:51:35]
AdwCleaner[R1].txt - [6409 octets] - [16/11/2014 16:27:17]
AdwCleaner[R2].txt - [14201 octets] - [17/11/2014 11:16:11]
AdwCleaner[R3].txt - [18664 octets] - [20/11/2014 12:48:32]
AdwCleaner[R4].txt - [21564 octets] - [24/11/2014 20:28:50]
AdwCleaner[R5].txt - [13294 octets] - [25/11/2014 15:12:33]
AdwCleaner[R6].txt - [18398 octets] - [27/11/2014 11:39:58]
AdwCleaner[S0].txt - [37789 octets] - [16/11/2014 14:52:56]
AdwCleaner[S1].txt - [6128 octets] - [16/11/2014 16:29:58]
AdwCleaner[S2].txt - [15452 octets] - [17/11/2014 11:20:44]
AdwCleaner[S3].txt - [20282 octets] - [20/11/2014 12:55:00]
AdwCleaner[S4].txt - [23263 octets] - [24/11/2014 20:32:57]
AdwCleaner[S5].txt - [14522 octets] - [25/11/2014 15:27:43]
AdwCleaner[S6].txt - [19639 octets] - [27/11/2014 11:41:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [19700 octets] ##########
MBAM
QuoteMalwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/27/2014
Scan Time: 11:45:25 AM
Logfile: 11 27.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.27.06
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: trent_000
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 584832
Time Elapsed: 12 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1235032525-1032305245-2823617851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [dae83d03a2da1e185dfe2f8ede2644bc],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 13
Rogue.Multiple, C:\ProgramData\600440862, Quarantined, [11b165db28549e983009e9169d65ee12],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
Files: 56
PUP.Optional.InstallCore, C:\Users\trent_000\Downloads\FileExtractorSetup.exe, Quarantined, [c4fefe4290ec72c44a45d8f1867e56aa],
Rogue.Multiple, C:\ProgramData\600440862\BITFC82.tmp, Quarantined, [11b165db28549e983009e9169d65ee12],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\New Trent\AppData\Roaming\Mozilla\Firefox\Profiles\1i5hf411.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [8c36241c1666d165aacdf04ef01324dc],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ki1yg8u5.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [1ca6a59be498e4521d5a1d21db28ae52],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\search.json, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
PUP.Optional.Vosteran.A, C:\Users\Trent.Berger-FamilyPC\AppData\Roaming\Mozilla\Firefox\Profiles\v12v2egn.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, Quarantined, [d8eaa59bdd9f91a55423231b9e65926e],
Physical Sectors: 0
(No malicious items detected)
(end) Please stop using FireFox for a few days. Use IE instead. I really can't believe that so many infections are re-occurring in such a short period of time. Also, please run DDS below and make sure you include both logs. They are essential.
Download DDS from HERE or HERE and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
|
