
emmedia
Members, 5 posts

Everything posted by emmedia

  1. So far, so good... but it only happened a few times a day. So what did it take out or find? And I wonder if the infection spread... you rock! em
  2. Here you go, thank you!

     Zoek.exe v5.0.0.0 Updated 15-09-2015
     Tool run by Sales on Wed 09/16/2015 at 8:12:45.65.
     Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
     Running in: Normal Mode
     Internet Access Detected
     Launched: C:\Users\Sales\Desktop\zoek.exe [scan all users] [script inserted]

     ==== System Restore Info ======================

     9/16/2015 8:15:22 AM Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================

     C:\PROGRA~2\WAMP deleted successfully
     C:\PROGRA~3\Insight Software deleted successfully
     C:\PROGRA~3\Insight Software Solutions deleted successfully
     C:\Users\Sales\AppData\Roaming\hpqLog deleted successfully
     C:\Users\Sales\AppData\Roaming\HpUpdate deleted successfully
     C:\Users\Sales\AppData\Roaming\TP deleted successfully
     C:\Users\Sales\AppData\Roaming\Windows Live Writer deleted successfully
     C:\Users\Sales\AppData\Local\EmieBrowserModeList deleted successfully
     C:\Users\Sales\AppData\Local\EmieSiteList deleted successfully
     C:\Users\Sales\AppData\Local\EmieUserList deleted successfully
     C:\Users\Sales\AppData\Local\PDFC deleted successfully

     ==== Deleting CLSID Registry Keys ======================

     HKEY_USERS\S-1-5-21-583446497-2843881720-2413525661-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
     HKEY_USERS\S-1-5-21-583446497-2843881720-2413525661-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
     HKEY_USERS\S-1-5-21-583446497-2843881720-2413525661-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
     HKEY_USERS\S-1-5-21-583446497-2843881720-2413525661-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Services ======================

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.1.6 deleted successfully
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater40.1.6 deleted successfully

     ==== FireFox Fix ======================

     ProfilePath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default

     user.js not found
     ---- Lines ask.com removed from prefs.js ----
     user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"https://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"ht
     ---- Lines mysearch removed from prefs.js ----
     user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{e145955a-3b4f-4cf9-b2a5-c3132380a
     ---- FireFox user.js and prefs.js backups ----

     prefs_20150916_0834_.backup

     ProfilePath: C:\Users\Sales\AppData\Roaming\Thunderbird\Profiles\c38fklrh.default

     user.js not found
     ---- FireFox user.js and prefs.js backups ----

     prefs_20150916_0834_.backup

     ==== Batch Command(s) Run By Tool======================

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ==== Deleting Files \ Folders ======================

     C:\PROGRA~2\WAMP not found
     C:\windows\SysNative\Tasks\0615tbUpdateInfo deleted
     C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
     C:\PROGRA~3\AVG Web TuneUp deleted
     C:\PROGRA~3\Avg_Update_0615tb deleted
     C:\PROGRA~3\Avg_Update_1214tb deleted
     C:\PROGRA~3\AVG Security Toolbar deleted
     C:\PROGRA~3\AVG Secure Search deleted
     C:\Users\Sales\Downloads\avg_free_stb_all_2014_4744_cnet.exe deleted
     C:\Users\Sales\AppData\LocalLow\AVG Web TuneUp deleted
     C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
     C:\Windows\tasks\0615tbUpdateInfo.job deleted
     C:\Windows\SysNative\config\systemprofile\Searches deleted
     C:\Users\Sales\Documents\Updater deleted
     C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default\searchplugins\avg-secure-search.xml deleted
     "C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted
     "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted
     "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted
     "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted
     "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6\avgdttbx.dll" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6\log4cplusU.dll" deleted
     "C:\Users\Sales\AppData\Local\AVG Web TuneUp" deleted
     "C:\PROGRA~2\AVG Web TuneUp" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
     "C:\PROGRA~2\AVG Web TuneUp\locales" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6" deleted
     "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6" deleted

     ==== Firefox Start and Search pages ======================

     ProfilePath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default

     user_pref("browser.startup.homepage", "http://www.msn.com/");
     user_pref("browser.search.defaultenginename", "AVG Secure Search");
     user_pref("browser.search.defaultenginename.US", "AVG Secure Search");
     user_pref("browser.search.selectedEngine", "AVG Secure Search");

     ==== Firefox Extensions ======================

     ProfilePath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default

     - AVG Web TuneUp - %ProfilePath%\extensions\avg@toolbar
     - LastPass - %ProfilePath%\extensions\support@lastpass.com
     - FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
     - Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
     - Open With Photoshop - %ProfilePath%\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi

     ProfilePath: C:\Users\Sales\AppData\Roaming\Thunderbird\Profiles\c38fklrh.default

     - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
     - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

     AppDir: C:\Program Files (x86)\Mozilla Firefox

     - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

     ==== Firefox Plugins ======================

     Profilepath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default

     EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
     F542B4E8DF11DCF7C974548A2D2BD624 - C:\Users\Sales\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll - Google Update

     ==== Deleted Firefox Extensions ======================

     C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\qsfjode3.default\extensions\avg@toolbar deleted

     ==== Chromium Look ======================

     AVG Web TuneUp - Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
     Chrome Hotword Shared Module - Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
     Chrome Hotword Shared Module - Sales\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg

     ==== Chromium Fix ======================

     C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully
     C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage deleted successfully
     C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal deleted successfully

     ==== Set IE to Default ======================

     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://hsco.org/"
     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://hsco.org/"

     ==== All HKCU SearchScopes ======================

     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
     "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
     {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
     {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
     {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}"

     ==== Deleting Registry Keys ======================

     HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

     ==== Empty IE Cache ======================

     C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\Sales\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\Sales\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
     C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

     ==== Empty FireFox Cache ======================

     C:\Users\Sales\AppData\Local\Mozilla\Firefox\Profiles\qsfjode3.default\cache2 emptied successfully

     ==== Empty Chrome Cache ======================

     C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
     C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

     ==== Empty All Flash Cache ======================

     Flash Cache Emptied Successfully

     ==== Empty All Java Cache ======================

     No Java Cache Found

     ==== C:\zoek_backup content ======================

     C:\zoek_backup (files=409 folders=143 171005515 bytes)

     ==== Empty Temp Folders ======================

     C:\Users\Default\AppData\Local\Temp emptied successfully
     C:\Users\Default User\AppData\Local\Temp emptied successfully
     C:\Users\Sales\AppData\Local\Temp will be emptied at reboot
     C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
     C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
     C:\Windows\Temp will be emptied at reboot

     ==== After Reboot ======================

     ==== Empty Temp Folders ======================

     C:\Windows\Temp successfully emptied
     C:\Users\Sales\AppData\Local\Temp successfully emptied

     ==== Empty Recycle Bin ======================

     C:\$RECYCLE.BIN successfully emptied

     ==== EOF on Wed 09/16/2015 at 8:45:50.32 ======================
  3. Here they are - thank you! Addition.txt FRST.txt
  4. Hi, thank you for your help! Here is the log after my scan. protect-log.txt
  5. Hi, I am running the premium version of Malwarebytes, but once in a while, when I'm opening a site in Firefox, I get the Malicious Website Blocked... and the Type is always Outbound, with the Process C:\Program Files (x86)\Mozilla Firefox\firefox.exe. The domain and IP are not always the same. I have run scans, without it finding anything. My computer runs fine and I don't notice anything out of the ordinary. What do I need to do to check further? Thank you! em