Jump to content

Having a problem with frequent pop-ups in Chrome.


Recommended Posts

I believe I may have some kind of malware in my google chrome. Occasionally when I click on any link, a new tab will pop up with a random "you've won something" tab. Also when i'm on certain sites these mini-windows will pop-up. Most of them have "X's" but even when you click them, another pop-up opens. Also some of them are invisible with just the "X".

 

I have no idea what I could have downloaded to cause these kinds of problems. Any kind of help anybody can offer would be greatly appreciated.

Link to post
Share on other sites

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin

Link to post
Share on other sites

Thank you for the hasty reply!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by User (administrator) on USER-HP on 05-10-2013 08:49:09
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.0.28\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.0.28\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIEA.EXE
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [RegistryBooster] - C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe [68000 2012-07-08] (Uniblue Systems Limited)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEA.EXE [278112 2011-11-01] (SEIKO EPSON CORPORATION)
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
MountPoints2: {4eb04e0b-9b22-11e1-aa77-806e6f6e6963} - "F:\Diablo III Setup.exe"
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyBtD0DyB0DtDyDzzzyyBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=719453255
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyBtD0DyB0DtDyDzzzyyBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=719453255
SearchScopes: HKLM - {B6ED369D-31DA-43BB-BBF4-027A2C132C6A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {B6ED369D-31DA-43BB-BBF4-027A2C132C6A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyBtD0DyB0DtDyDzzzyyBtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=719453255
SearchScopes: HKCU - {B6ED369D-31DA-43BB-BBF4-027A2C132C6A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ajwcnuv.default
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ajwcnuv.default\Extensions\crossriderapp2258@crossrider.com
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\
FF HKCU\...\Firefox\Extensions: [support@unfriendapp.com] - C:\Program Files (x86)\UnfriendApp\Firefox\
FF Extension: UnfriendApp - C:\Program Files (x86)\UnfriendApp\Firefox\
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (PremierOpinion) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/pmcm.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (UnfriendApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.65265_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\Program Files (x86)\UnfriendApp\Chrome\common.crx
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-20] (BitRaider, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121214.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121214.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121216.007\ENG64.SYS [126112 2012-12-17] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121216.007\ENG64.SYS [126112 2012-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121216.007\EX64.SYS [2084000 2012-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121216.007\EX64.SYS [2084000 2012-12-17] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\system32\drivers\NAVx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NAVx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-05 08:47 - 2013-10-05 08:47 - 01954124 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-10-05 08:47 - 2013-10-05 08:47 - 00000000 ____D C:\FRST
2013-10-05 08:25 - 2013-10-05 08:28 - 00000000 ____D C:\AdwCleaner
2013-10-05 07:32 - 2013-10-05 07:32 - 01045226 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-10-05 07:29 - 2013-10-05 07:30 - 00891167 _____ C:\Users\User\Desktop\SecurityCheck.exe
2013-10-03 06:31 - 2013-10-03 06:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-10-03 06:31 - 2013-10-03 06:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-03 06:30 - 2013-10-03 06:30 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-09-24 08:06 - 2013-09-24 08:19 - 58005545 _____ C:\Users\User\Downloads\MFC-HyruleFairy-08_09_2013-07.01.33-UTC.x264.mp4
2013-09-24 06:00 - 2013-09-24 06:01 - 573419520 _____ C:\Users\User\Documents\ladychaichai.camrec
2013-09-23 02:42 - 2013-09-23 01:34 - 405012480 _____ C:\Users\User\Desktop\Mario Super Sluggers [RMBE01].iso
2013-09-23 02:38 - 2013-09-23 02:38 - 00000963 _____ C:\Users\Public\Desktop\WBFS to ISO.lnk
2013-09-23 02:38 - 2013-09-23 02:38 - 00000000 ____D C:\Program Files (x86)\WBFS to ISO
2013-09-23 02:37 - 2013-09-23 02:37 - 01752750 _____ (wbfstoiso.com                                               ) C:\Users\User\Downloads\wbfstoiso_setup.exe
2013-09-23 02:25 - 2013-09-23 02:32 - 1505881451 _____ C:\Users\User\Desktop\RMBE01.iso
2013-09-23 00:30 - 2013-09-23 01:34 - 1509949440 _____ C:\Users\User\Desktop\RMBE01.wbfs
2013-09-22 23:17 - 2013-09-22 23:17 - 16503094 _____ C:\Users\User\Downloads\USBLoader_GX_V3_0_AllinOnePackage_IOS249.zip
2013-09-21 08:44 - 2013-09-21 08:46 - 1634361344 _____ C:\Users\User\Documents\capture-13.camrec
2013-09-18 07:54 - 2013-09-18 08:49 - 167375614 _____ C:\Users\User\Downloads\Infinite_t_nataliagrey_08_13_13.mp4
2013-09-11 05:49 - 2013-09-11 05:52 - 3104374784 _____ C:\Users\User\Documents\capture-12.camrec
2013-09-10 06:13 - 2013-09-10 06:22 - 26192220 _____ C:\Users\User\Downloads\MFC-HyruleFairy-08_18_2013-08.17.38-UTC.x264.mp4
2013-09-09 02:18 - 2009-03-14 12:11 - 405012480 _____ C:\Users\User\Desktop\mtusaproper(compress).iso
2013-09-09 02:16 - 2013-09-09 02:16 - 00000000 ____D C:\Users\User\AppData\Local\WBFSManager
 
==================== One Month Modified Files and Folders =======
 
2013-10-05 08:47 - 2013-10-05 08:47 - 01954124 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-10-05 08:47 - 2013-10-05 08:47 - 00000000 ____D C:\FRST
2013-10-05 08:47 - 2012-05-20 05:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 08:41 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 08:41 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 08:39 - 2011-12-25 04:57 - 01078191 _____ C:\Windows\WindowsUpdate.log
2013-10-05 08:37 - 2012-10-05 08:49 - 00000342 _____ C:\Windows\Tasks\RegistryBooster.job
2013-10-05 08:36 - 2012-09-14 05:41 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706345589-3361608085-3645803954-1001UA.job
2013-10-05 08:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 08:34 - 2009-07-14 00:51 - 00047316 _____ C:\Windows\setupact.log
2013-10-05 08:33 - 2012-05-19 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-05 08:28 - 2013-10-05 08:25 - 00000000 ____D C:\AdwCleaner
2013-10-05 08:25 - 2012-05-10 22:12 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{352536FD-2F98-4440-B60C-2C43A173CFCF}
2013-10-05 08:24 - 2012-06-23 18:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2013-10-05 07:32 - 2013-10-05 07:32 - 01045226 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-10-05 07:30 - 2013-10-05 07:29 - 00891167 _____ C:\Users\User\Desktop\SecurityCheck.exe
2013-10-05 07:28 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-05 04:36 - 2012-09-14 05:41 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706345589-3361608085-3645803954-1001Core.job
2013-10-04 06:01 - 2013-06-23 16:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job
2013-10-03 06:31 - 2013-10-03 06:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-10-03 06:31 - 2013-10-03 06:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-03 06:30 - 2013-10-03 06:30 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-03 06:30 - 2013-07-30 07:50 - 00000000 ____D C:\ProgramData\TechSmith
2013-10-03 06:26 - 2013-07-30 07:42 - 00004509 _____ C:\Users\User\AppData\Roaming\CamStudio.cfg
2013-10-03 06:26 - 2013-07-30 07:42 - 00000408 _____ C:\Users\User\AppData\Roaming\CamShapes.ini
2013-10-03 06:26 - 2013-07-30 07:42 - 00000408 _____ C:\Users\User\AppData\Roaming\CamLayout.ini
2013-10-03 06:26 - 2013-07-30 07:42 - 00000096 _____ C:\Users\User\AppData\Roaming\Camdata.ini
2013-10-03 06:26 - 2013-07-30 07:37 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.7
2013-09-30 03:05 - 2012-07-08 18:12 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-09-28 12:46 - 2012-05-26 14:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-28 12:46 - 2012-05-19 21:09 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-24 08:19 - 2013-09-24 08:06 - 58005545 _____ C:\Users\User\Downloads\MFC-HyruleFairy-08_09_2013-07.01.33-UTC.x264.mp4
2013-09-24 06:01 - 2013-09-24 06:00 - 573419520 _____ C:\Users\User\Documents\ladychaichai.camrec
2013-09-24 06:00 - 2013-02-25 00:52 - 00006656 _____ C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 02:38 - 2013-09-23 02:38 - 00000963 _____ C:\Users\Public\Desktop\WBFS to ISO.lnk
2013-09-23 02:38 - 2013-09-23 02:38 - 00000000 ____D C:\Program Files (x86)\WBFS to ISO
2013-09-23 02:37 - 2013-09-23 02:37 - 01752750 _____ (wbfstoiso.com                                               ) C:\Users\User\Downloads\wbfstoiso_setup.exe
2013-09-23 02:32 - 2013-09-23 02:25 - 1505881451 _____ C:\Users\User\Desktop\RMBE01.iso
2013-09-23 01:34 - 2013-09-23 02:42 - 405012480 _____ C:\Users\User\Desktop\Mario Super Sluggers [RMBE01].iso
2013-09-23 01:34 - 2013-09-23 00:30 - 1509949440 _____ C:\Users\User\Desktop\RMBE01.wbfs
2013-09-23 00:27 - 2012-06-23 18:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-09-23 00:25 - 2013-08-21 03:08 - 00000000 ____D C:\Users\User\Documents\WBFS Manager Covers
2013-09-23 00:25 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 23:17 - 2013-09-22 23:17 - 16503094 _____ C:\Users\User\Downloads\USBLoader_GX_V3_0_AllinOnePackage_IOS249.zip
2013-09-21 17:06 - 2012-09-14 05:42 - 00002358 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-09-21 08:46 - 2013-09-21 08:44 - 1634361344 _____ C:\Users\User\Documents\capture-13.camrec
2013-09-20 05:58 - 2012-05-20 05:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 05:58 - 2012-05-20 05:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 05:58 - 2011-10-15 02:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 08:49 - 2013-09-18 07:54 - 167375614 _____ C:\Users\User\Downloads\Infinite_t_nataliagrey_08_13_13.mp4
2013-09-18 05:29 - 2013-06-20 05:01 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-11 05:52 - 2013-09-11 05:49 - 3104374784 _____ C:\Users\User\Documents\capture-12.camrec
2013-09-10 06:22 - 2013-09-10 06:13 - 26192220 _____ C:\Users\User\Downloads\MFC-HyruleFairy-08_18_2013-08.17.38-UTC.x264.mp4
2013-09-10 05:37 - 2012-05-19 20:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-09-09 02:16 - 2013-09-09 02:16 - 00000000 ____D C:\Users\User\AppData\Local\WBFSManager
2013-09-07 12:13 - 2011-02-10 15:23 - 00000000 ____D C:\SWSetup
 
Files to move or delete:
====================
C:\Users\User\AppData\Roaming\Camdata.ini
C:\Users\User\AppData\Roaming\CamLayout.ini
C:\Users\User\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Extract.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\SP59792.exe
C:\Users\User\AppData\Local\Temp\SP62234.exe
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary1876351407386324400.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-03 07:50
 
==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

Ok, continue and run the following:

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link:  http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

Process;emptyclsid;firefoxlook;FFdefaultsChromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

Zoekf.jpg

 

Post the produced log in your next reply…..

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.