rlee_la

Adf.ly redirecting my Chrome browser

Hi, I'm yet another person afflicted with the Adf.ly pop-up bot.  (Is bot the right term?)  I've read several conflicting accounts of how to remove Adf.ly from my computer, and that's why I'm posting now.  Many thanks in advance for your help!

 

My PC runs Win 7 Home Premium, SP1, 64-bit.

 

In the last few days, the Adf.ly redirect pop-up has appeared on my browser about 5 times.  I use Chrome, but I also have IE, Firefox, and Safari installed.  I have not used these other browsers frequently enough to know if Adf.ly has infected them too.

I have run an AVG AntiVirus Free scan twice, and it has not caught Adf.ly.  I've of course tried going to Control Panel and looking for an Uninstall option, but I have not seen this option.

 

Any help is much appreciated.  Thank you.


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks so much, MrCharlie.  I'll follow your steps as soon as I can spend some uninterrupted time on my computer.


Thanks again, MrCharlie.  I have used Malwarebytes Anti-Malware to remove malware, yet the Adf.ly malware is still popping up.  I'm posting my Attach and DDS logs now.  I have really tried to follow instructions precisely, and I sincerely value your time and help.  I am now trying RogueKiller.  Thank you.

 

Attach.txt
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2012 12:19:43 AM
System Uptime: 1/15/2014 3:28:19 PM (19 hours ago)
.
Motherboard: Dell Inc.          |  | 0jjvym
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 105.99 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NetGroup Packet Filter Driver
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer: 
Name: NetGroup Packet Filter Driver
PNP Device ID: ROOT\LEGACY_NPF\0000
Service: npf
.
==== System Restore Points ===================
.
RP185: 1/15/2014 11:57:55 PM - Removed Vuze Remote Toolbar v8.6.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
ABBYY FineReader for ScanSnap 4.0
AccelerometerP11
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.8)
Adobe Stock Photos 1.0
Advanced Audio FX Engine
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.18
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N56U Wireless Router Utilities
ASUS Wireless Router RT-N56U Manuals
AudibleManager
AVG 2014
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
Brother Driver Deployment Wizard
Brother MFL-Pro Suite MFC-7860DW
CardMinder
CardMinder V4.0
Consumer In-Home Service Agreement
Coupon Printer for Windows
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage 
Dell Webcam Central
DirectX 9 Runtime
Download Updater (AOL LLC)
Dropbox
EPubsoft EPUB to PDF Converter 5.7.4
FileMaker Pro 10
Final Draft
Freemake Video Converter version 4.0.3
Freemake Youtube Mp3 Converter
GIMP 2.6.10
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
HandBrake 0.9.6
 
 
DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by RLee at 10:26:39 on 2014-01-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.3617 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Users\RLee\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\RLee\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\RLee\AppData\Local\Apps\2.0\PBP1LZCE.345\A65TLE2Q.5GJ\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Users\RLee\AppData\Local\Apps\2.0\PBP1LZCE.345\A65TLE2Q.5GJ\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RLee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=94.255.233.213:1080
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\RLee\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e403bdf34c6547d1b75b9dc9d5eae45f-d85c8c8db26203cce88853041c47882abf739879 --CMPID 0913a
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\RLee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\RLee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\RLee\AppData\Local\Apps\2.0\PBP1LZCE.345\A65TLE2Q.5GJ\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\Users\RLee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4B061ECD-1E87-4611-A579-AF18C82E51FF} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{4B061ECD-1E87-4611-A579-AF18C82E51FF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\2502C4565602143757370227F657475627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\25567696E616C45656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\651435947484330313 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\651637967686330313 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}\D4B4335403 : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{DB96FFEB-F4A6-410D-9E0C-175635C58E18} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{EFE9F598-63D0-4BFD-BBDF-3267206FDAC9} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{FB10A2E2-6E5B-4FC2-952E-0B40E069710E} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{FB10A2E2-6E5B-4FC2-952E-0B40E069710E} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FD8FE65B-BC8B-4D9D-9631-90F8B061F3D7} : NameServer = 75.126.206.18,184.173.169.186
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\513m5btm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\RLee\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\RLee\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npLWAPlugin15.8.dll
FF - plugin: C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll
FF - plugin: C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-2-22 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-9 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-11-9 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-2-22 284448]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-9 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-18 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-18 995392]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-8-25 101888]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-8-25 9216]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-9 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
 


OK, let's start here:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted, go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Hi MrC, thanks so much.  Will do.  To clarify, should I run AdwCleaner after running Rogue Killer?


Hi MrCharlie, I apologize for running AdwCleaner prior to running RogueKiller.  I am currently waiting to see if Adf.ly pops up again.  Adf.ly had not been popping up in any predictable timeframe for me, so I’m not sure when/if it will pop up again.  Thanks so very much.  Below are the following logs:

1) RogueKiller report
2) AdwCleaner[S0] log - generated PRIOR to running RogueKiller
3) AdwCleaner[S1] log - generated PRIOR to running RogueKiller
4) Malwarebytes Anti-Malware FULL Scan report
5) AdwCleaner[S2] log - generated AFTER running RogueKiller

RogueKiller report:

 

 


AdwCleaner[S0] log - generated PRIOR to running RogueKiller:

 

 


AdwCleaner[s1] log - generated PRIOR to running RogueKiller:

 

 

# AdwCleaner v3.017 - Report created 16/01/2014 at 19:56:11

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : RLee - RLEE-PC

# Running from : C:\Users\RLee\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\FLEXnet

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\513m5btm.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [16002 octets] - [16/01/2014 19:29:11]

AdwCleaner[R1].txt - [1197 octets] - [16/01/2014 19:55:20]

AdwCleaner[s0].txt - [15876 octets] - [16/01/2014 19:46:27]

AdwCleaner[s1].txt - [1082 octets] - [16/01/2014 19:56:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1142 octets] ##########

 

 

 

 

Malwarebytes Anti-Malware FULL Scan report:

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.17.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

RLee :: RLEE-PC [administrator]

 

1/16/2014 8:21:35 PM

mbam-log-2014-01-16 (20-21-35).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 717186

Time elapsed: 3 hour(s), 38 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

AdwCleaner[s2] log – generated AFTER running RogueKiller:

 

 

# AdwCleaner v3.017 - Report created 17/01/2014 at 11:10:56

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : RLee - RLEE-PC

# Running from : C:\Users\RLee\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\FLEXnet

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\513m5btm.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [16002 octets] - [16/01/2014 19:29:11]

AdwCleaner[R1].txt - [1197 octets] - [16/01/2014 19:55:20]

AdwCleaner[R2].txt - [1197 octets] - [17/01/2014 10:51:16]

AdwCleaner[s0].txt - [15876 octets] - [16/01/2014 19:46:27]

AdwCleaner[s1].txt - [1222 octets] - [16/01/2014 19:56:11]

AdwCleaner[s2].txt - [1080 octets] - [17/01/2014 11:10:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1140 octets] ##########


OK, if there's still a problem.......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC


Thank you!  Hopefully, it won't pop up again, but I'm ready to try Farbar when/if it does.


OK, it's just a scanner and won't fix anything. After I look at the logs, we would fix anything needed.

MrC


Hi MrCharlie, I am hoping Adf.ly has been successfully removed.  No jinx!  It hasn't popped up in the last day, but I haven't been on my browser as often to monitor it.  I will keep you posted in the next couple days.  Thank you so much.  More soon.


Hi MrC, coincidentally, Adf.ly just popped up again about an hour ago.  I'm running a full Malwarebytes Anti-Malware scan as we speak. Thank you.


Hi MrC,

 

I've run a Malwarebytes Anti-Malware full scan again as well as AdwCleaner.

 

I am now trying to run the Farbar scan; my AVG Free alerts me that Farbar is a suspected Trojan Horse.  Should I disable AVG and try to run the Farbar scan regardless?

 

Thanks again.


Hi MrC, attached are the logs from the Farbar scan.  Thanks so much.


Clean out temp files: (may require a reboot)
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

------------------------------

Next:

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe, click Fix only once, and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download and run a fresh copy of AdwCleaner as before:

Please download AdwCleaner by Xplode and save to your Desktop.

-----------------------------------

Next........


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Also attached are the most recent versions of the following logs:

 

1) Rogue Killer report

2) AdwCleaner[s6] log - generated PRIOR to running RogueKiller

3) Malwarebytes Anti-Malware FULL Scan report


MrC - Thanks yet again.  Now to see if Adf.ly pops up again in the next couple days.  In the meantime, below is my list of actions completed and the attached logs.  Thank you.

 

1) Ran TFC.

2) Fixlog.txt attached.

3) New AdwCleaner saved to desktop.

4) JRT.txt attached.

5) Malwarebytes Anti-Malware Quick Scan log

This topic is now closed to further replies.