Solved Remove remnants of Dregol search Malware

Dell Vostro 1520 laptop computer (intel...
June 26, 2015 at 06:02:06
Specs: Windows 8, 4G
I have a Win 8.1 HP 2000 Notebook. I believe some downloads from websites accidentally got me Dregol search, which pops up many websites containing malware. I uninstalled Dregol Search and removed it from Chrome. I also used Windows Defender to remove many threats.

But they might not be removed completely, because CPU at idle time (no search, no action on the laptop) sometimes goes to 45% from 2% and the Disk tab in Task Manager goes red at 99%, even 100%.

How do I remove spyware?

All suggestions would be appreciated.

Best,

TCN

Truc C. Nguyen


✔ Best Answer
June 28, 2015 at 16:39:45
"My laptop is Win 8.1. Is this program working?"
Oops Truc, sorry, it does not work in 8.1 & it would have told you so if you had tried to install it.

Next step.

Run ESET Online Scanner, then copy and paste the contents of the log in your reply, please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#1
June 26, 2015 at 06:24:11
Here are the first 2 steps, there will be more steps needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.
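
Added example, not part of the original posts and not code from AdwCleaner: a Python triage of the AdwCleaner log requested in Step 1. It groups findings by section, drops repeated entries, and flags the ones that can restart software after a reboot or reroute browser traffic. The sample log is constructed with made-up names, and the rule list and function names are assumptions of this example.

```python
import re

# Constructed sample in the layout of an AdwCleaner v4 log; every name in it is made up.
SAMPLE_LOG = r"""# AdwCleaner v4.207 - Logfile created 01/01/2015 at 00:00:00
# Operating system : Windows 8.1 (x64)
# Option : Scan

***** [ Services ] *****

Service Found : ExampleToolbarService
Service Found : examplefilter64
Service Found : ExampleToolbarService

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\Example.lnk
File Found : C:\WINDOWS\System32\drivers\examplefilter64.sys
File Found : C:\WINDOWS\AppPatch\Custom\{00000000-0000-0000-0000-000000000000}.sdb
File Found : C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ExampleApp.lnk
Folder Found : C:\Program Files (x86)\ExampleToolbar

***** [ Scheduled tasks ] *****

Task Found : ExampleNotifier1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50000;hxxps=127.0.0.1:50000
Key Found : HKCU\Software\ExampleToolbar
Key Found : [x64] HKCU\Software\ExampleToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ExampleToolbar Loader]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(Service|File|Folder|Task|Shortcut|Data|Key|Value) Found : (.+)$")
HEADER_RE = re.compile(r"^# (.+?) : (.+)$")

# (label, predicate) pairs for findings that survive a reboot or redirect traffic.
# This rule list is this example's own choice, not something AdwCleaner reports.
RULES = [
    ("service", lambda kind, val: kind == "Service"),
    ("scheduled task", lambda kind, val: kind == "Task"),
    ("kernel driver", lambda kind, val: kind == "File"
        and re.search(r"\\system32\\drivers\\[^\\]+\.sys$", val, re.I)),
    ("app-compat shim database", lambda kind, val: kind == "File"
        and re.search(r"\\apppatch\\custom\\.+\.sdb$", val, re.I)),
    ("startup folder item", lambda kind, val: kind == "File"
        and "\\start menu\\programs\\startup\\" in val.lower()),
    ("run key autostart", lambda kind, val: kind == "Value"
        and re.search(r"\\CurrentVersion\\Run(Once)? \[", val, re.I)),
    ("loopback proxy", lambda kind, val: kind == "Data"
        and "[ProxyServer]" in val and "127.0.0.1" in val),
]


def parse_log(text):
    """Return (headers, sections); sections maps name -> de-duplicated [(kind, value)]."""
    headers, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = sections.setdefault(section.group(1), [])
            continue
        header = HEADER_RE.match(line)
        if header and current is None:          # "# key : value" lines before any section
            headers[header.group(1)] = header.group(2)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            item = (entry.group(1), entry.group(2))
            if item not in current:              # logs can list the same entry more than once
                current.append(item)
    return headers, sections


def triage(text):
    """Summarise a log: which action produced it, counts per section, persistence findings."""
    headers, sections = parse_log(text)
    persistence = []
    for entries in sections.values():
        for kind, val in entries:
            for label, matches in RULES:
                if matches(kind, val):
                    persistence.append((label, val))
                    break
    return {
        "option": headers.get("Option"),         # e.g. "Scan": the header records the action
        "counts": {name: len(entries) for name, entries in sections.items()},
        "persistence": persistence,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Log produced by option:", report["option"])
    for name, count in report["counts"].items():
        print(f"{count:4d}  {name}")
    for label, val in report["persistence"]:
        print(f"[{label}] {val}")
```

Running it on two logs taken before and after cleaning and comparing the "persistence" lists shows which autostart entries are still present.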



#2
June 26, 2015 at 10:06:19
John,

Laptop performance looks much better. I am unable to post all, as the files are too large to send.

Below are the results from AdwCleaner

# AdwCleaner v4.207 - Logfile created 26/06/2015 at 12:38:28
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Truc - TIMMYCATHYPC
# Running from : C:\Users\Truc\Downloads\AdwCleaner.exe
# Option : Scan


Below is the result from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.6 (06.26.2015:2)
OS: Windows 8.1 x64
Ran by Truc on Fri 06/26/2015 at 12:45:22.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully deleted: [Service] pcsuucdrv

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ospd_us_375

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{79FAAA05-5849-4E69-A71E-18A47450D830}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}

~~~ Files

Successfully deleted: [File] C:\Users\Truc\appdata\local\nsa4BB3.tmp
Successfully deleted: [File] C:\Users\Truc\appdata\local\nspD1C7.tmp
Successfully deleted: [File] C:\Users\Truc\appdata\local\8869b6d692f04c89f4b127f3a310c406

~~~ Folders

Successfully deleted: [Folder] C:\Users\Truc\appdata\locallow\bringmesports_1cei
Successfully deleted: [Folder] C:\Users\Truc\appdata\locallow\eliteunzip_aaei
Successfully deleted: [Folder] C:\Users\Truc\appdata\locallow\videodownloadconverter_4z
Successfully deleted: [Folder] C:\Users\Truc\appdata\locallow\videodownloadconverter_4zei
Successfully deleted: [Folder] C:\Users\Truc\documents\optimizer pro

~~~ Chrome


[C:\Users\Truc\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Truc\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
fpmeembnagmagppkgghhfjfdfajdfcah

[C:\Users\Truc\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Truc\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
fpmeembnagmagppkgghhfjfdfajdfcah
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/26/2015 at 12:47:11.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Truc C. Nguyen



#3
June 26, 2015 at 17:10:04
"Laptop performance looks much better, I am unable to post all so the files are too large to send
Below are results from Adwcleaner"

I need to see the Adwcleaner log showing what was cleaned please.

The log posted only shows what was found.



#4
June 26, 2015 at 17:35:09
Here they are

# AdwCleaner v4.207 - Logfile created 26/06/2015 at 12:40:03
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Truc - TIMMYCATHYPC
# Running from : C:\Users\Truc\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BringMeSports_1cService
[#] Service Deleted : CouponArificService64
[#] Service Deleted : EliteUnzip_aaService
[#] Service Deleted : IBUpdaterService
Service Deleted : netfilter64
[#] Service Deleted : TBSrv
Service Deleted : {16aeaf7e-8e31-4ae5-a406-23e1011dca16}Gw64
Service Deleted : {c0727293-b4b8-43d3-9bba-ad36542dcd37}Gw64
Service Deleted : {df3e0b68-bf66-4a38-9dc7-1016227262b0}Gw64
Service Deleted : {e0f11ce0-b988-4edf-90cb-37fdcbf046be}Gw64
Service Deleted : {e920b931-4015-4acf-9561-0197bd6bfe7e}Gw64
Service Deleted : {f54d9c50-8210-46e0-a0e8-d9ea665b4ee8}Gw64
[#] Service Deleted : MaintainerSvc2.48.1114611

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\smdmf
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
[#] Folder Deleted : C:\Program Files (x86)\Linkey
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
[#] Folder Deleted : C:\Program Files (x86)\SearchProtect
[#] Folder Deleted : C:\Program Files (x86)\Settings Manager
[#] Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Program Files (x86)\DriverRestore
Folder Deleted : C:\Program Files (x86)\Klip Pal
Folder Deleted : C:\Program Files (x86)\SweetPacks
Folder Deleted : C:\Program Files (x86)\BringMeSports_1c
Folder Deleted : C:\Program Files (x86)\EliteUnzip
Folder Deleted : C:\Program Files (x86)\EliteUnzip_aa
[#] Folder Deleted : C:\Program Files (x86)\Common Files\Goobzo
Folder Deleted : C:\WINDOWS\SysWOW64\ARFC
Folder Deleted : C:\WINDOWS\SysWOW64\jmdp
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\WINDOWS\SysWOW64\WNLT
[#] Folder Deleted : C:\Program Files\Linkey
[#] Folder Deleted : C:\Program Files\SearchProtect
[#] Folder Deleted : C:\Program Files\Settings Manager
[#] Folder Deleted : C:\Program Files\ShopperPro
Folder Deleted : C:\Program Files\CouponArific
[#] Folder Deleted : C:\Program Files\Common Files\Goobzo
Folder Deleted : C:\WINDOWS\System32\ljkb
Folder Deleted : C:\Users\Timmy\AppData\Local\Mindspark_Interactive_Net
Folder Deleted : C:\Users\Timmy\AppData\Local\BringMeSports_1c
Folder Deleted : C:\Users\Timmy\AppData\Local\EliteUnzip_aa
Folder Deleted : C:\Users\Timmy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Timmy\AppData\LocalLow\iac
Folder Deleted : C:\Users\Timmy\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Timmy\AppData\LocalLow\BringMeSports_1c
Folder Deleted : C:\Users\Timmy\AppData\LocalLow\EliteUnzip_aa
Folder Deleted : C:\Users\Timmy\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Truc\AppData\Local\Conduit
Folder Deleted : C:\Users\Truc\AppData\Local\iac
Folder Deleted : C:\Users\Truc\AppData\Local\StormWatch
Folder Deleted : C:\Users\Truc\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Truc\AppData\Local\BringMeSports_1c
Folder Deleted : C:\Users\Truc\AppData\Local\EliteUnzip_aa
Folder Deleted : C:\Users\Truc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Truc\AppData\LocalLow\iac
Folder Deleted : C:\Users\Truc\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Truc\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Truc\AppData\LocalLow\BringMeSports_1c
Folder Deleted : C:\Users\Truc\AppData\LocalLow\EliteUnzip_aa
Folder Deleted : C:\Users\Truc\AppData\Roaming\AnyProtectEx
[#] Folder Deleted : C:\Users\Truc\AppData\Roaming\Linkey
Folder Deleted : C:\Users\Truc\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Truc\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Truc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Folder Deleted : C:\Users\Truc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip
Folder Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfhkgkmljpbkafmkljgfmaokgcaiiee
Folder Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llkjooekcinmdmojmfdjhidbakfpepod
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhfhkgkmljpbkafmkljgfmaokgcaiiee_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhfhkgkmljpbkafmkljgfmaokgcaiiee_0.localstorage-journal
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llkjooekcinmdmojmfdjhidbakfpepod_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llkjooekcinmdmojmfdjhidbakfpepod_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\WINDOWS\patsearch.bin
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\System32\dmwu.exe
File Deleted : C:\WINDOWS\System32\ImhxxpComm.dll
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\drivers\{16aeaf7e-8e31-4ae5-a406-23e1011dca16}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{c0727293-b4b8-43d3-9bba-ad36542dcd37}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{df3e0b68-bf66-4a38-9dc7-1016227262b0}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{e0f11ce0-b988-4edf-90cb-37fdcbf046be}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{e920b931-4015-4acf-9561-0197bd6bfe7e}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{f54d9c50-8210-46e0-a0e8-d9ea665b4ee8}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Timmy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eBay.lnk
File Deleted : C:\Users\Truc\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Truc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
File Deleted : C:\Users\Truc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bringmesports.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bringmesports.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_puzzlegamesdaily.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_puzzlegamesdaily.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_televisionfanatic.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_televisionfanatic.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dregol.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : LaunchSignup
Task Deleted : LaunchPreSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@BringMeSports_1c.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@EliteUnzip_aa.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.Radio
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\BringMeSports_1c.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BringMeSports_1c Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BringMeSports_1c Browser Plugin Loader 64]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BringMeSports EPM Support]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BringMeSports Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Elite Unzip EPM Support]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Elite Unzip AppIntegrator 32-bit]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Elite Unzip AppIntegrator 64-bit]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5489857C-D16B-4F23-A322-9F3D3423DC6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5DC6445C-89CE-4895-9EEE-79449A453700}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6285C254-4465-4F8B-A009-5F42AB02C291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D31FF80A-322D-4343-99BD-158557C460B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92364364-56B2-4C54-AAE3-A7D03A30C023}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A50C4254-A6A2-48CB-A2D0-C5E0A53FD965}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AF33C13-6C63-488C-9DEA-17B0E7829DE5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6285C254-4465-4F8B-A009-5F42AB02C291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA460720-7B38-421D-981C-66F0AE288FB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AADC8B2-562B-407B-88B3-916140226CBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8358A5F6-E352-4677-8386-9704AA8AD899}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30CBDB40-5B21-481B-A09B-F87CEF73F020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{952EEDFD-A98B-4670-9BDD-3634C8846FC1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2DBBA1C6-E87C-4A03-A781-0BBAAFC6C4EB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmdmF
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\SweetPacks
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\BringMeSports_1c
Key Deleted : HKCU\Software\EliteUnzip_aa
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKCU\Software\AppDataLow\Software\BringMeSports_1c
Key Deleted : HKCU\Software\AppDataLow\Software\EliteUnzip_aa
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\SweetPacks
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\TermTutor
Key Deleted : HKLM\SOFTWARE\Mindspark
Key Deleted : HKLM\SOFTWARE\Linkey
Key Deleted : HKLM\SOFTWARE\BringMeSports_1c
Key Deleted : HKLM\SOFTWARE\EliteUnzip_aa
Key Deleted : HKU\.DEFAULT\Software\IM
Key Deleted : HKU\.DEFAULT\Software\ImInstaller
Key Deleted : HKU\.DEFAULT\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall Firefox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteUnzip_aabar Uninstall Firefox
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Linkey
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dregol.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49279;hxxps=127.0.0.1:49279
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130

[C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_coinisrs_15_24&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyEyB0D0EyB0DtBzyyC0EtN0D0Tzu0StCtByDzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0ByByD0A0BtByCtGyByCzy0FtGyB0CyE0DtGtCyCyDyBtG0FyDtA0DyCtDtCyBzztDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztD0A0A0AtA0BzztGzz0CtCzytGyE0F0F0FtGzyzztBzztGtB0AtBtAyDzy0D0B0A0Ezy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztByD&cr=1255795714&ir=
[C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=HP_ss&s=web&rlz=0&sd=1&as=3&ac=0

*************************

AdwCleaner[R0].txt - [27583 bytes] - [26/06/2015 12:38:28]
AdwCleaner[S0].txt - [25167 bytes] - [26/06/2015 12:40:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25227 bytes] ##########

Truc C. Nguyen



#5
June 26, 2015 at 17:45:07
Thanks Truc.

Next step.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
http://www.askvg.com/how-to-disable...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed, make sure to re-enable your antivirus.



#6
June 27, 2015 at 10:04:42
John,

Below are results after running RogueKiller. Thanks,
2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Truc [Administrator]
Started from : C:\Users\Truc\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/27/2015 12:55:01

¤¤¤ Processes : 1 ¤¤¤
[VT.Downloader.DJC] MalwareProtection360.exe(3416) -- C:\Program Files (x86)\MalwareProtection360\malwareprotection360.exe[-] VT(16) -> Killed [TermProc]

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-60JC3T0 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 691609 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1418031104 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1418952704 | Size: 22556 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06272015_125334.log - RKreport_DEL_06272015_125415.log - RKreport_DEL_06272015_125429.log - RKreport_DEL_

Truc C. Nguyen



#7
June 27, 2015 at 16:53:31
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


#8
June 28, 2015 at 03:56:27
John

My laptop is Win 8.1. After I save FRST.exe to the local disk, it shows the warning "FRST.exe is not commonly downloaded and could harm your computer"

This warning only shows when I download it from Internet Explorer, but it does not from Google Chrome.

Do I keep going running it? Thanks,

Truc C. Nguyen



#9
June 28, 2015 at 03:59:39
"Do I keep going running it?"
Yep.


#10
June 28, 2015 at 04:51:01


#11
June 28, 2015 at 04:55:55
Back with the next step in about 10mins.


#12
June 28, 2015 at 05:09:08
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\Timmy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Truc\OneDrive:ms-properties
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs-x32: C:\PROGRA~3\{CC3C2~1\1172~1.1\fore.dll => "C:\PROGRA~3\{CC3C2~1\1172~1.1\fore.dll" File not found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No File
SearchScopes: HKLM -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Toolbar: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#13
June 28, 2015 at 05:36:10
Below is the result of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by Truc at 2015-06-28 08:28:37 Run:1
Running from C:\Users\Truc\Desktop
Loaded Profiles: Truc (Available Profiles: Truc & Timmy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\Timmy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Truc\OneDrive:ms-properties
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs-x32: C:\PROGRA~3\{CC3C2~1\1172~1.1\fore.dll => "C:\PROGRA~3\{CC3C2~1\1172~1.1\fore.dll" File not found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll No File
SearchScopes: HKLM -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> {8F7587FE-3798-4D80-81E0-CF89AC754EF5} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-1... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Toolbar: HKU\S-1-5-21-3237140190-3914928451-2328811250-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
*****************

Processes closed successfully.
"C:\Users\Timmy\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\Truc\OneDrive" => ":ms-properties" ADS not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\PROGRA~3\{CC3C2~1\1172~1.1\fore.dll" => value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1005\User => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3237140190-3914928451-2328811250-1001\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{06b5b051-1d05-443d-822f-39ab0d05f018} => value removed successfully
"HKCR\Wow6432Node\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F7587FE-3798-4D80-81E0-CF89AC754EF5}" => key removed successfully
HKCR\CLSID\{8F7587FE-3798-4D80-81E0-CF89AC754EF5} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8F7587FE-3798-4D80-81E0-CF89AC754EF5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{8F7587FE-3798-4D80-81E0-CF89AC754EF5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F7587FE-3798-4D80-81E0-CF89AC754EF5}" => key removed successfully
HKCR\CLSID\{8F7587FE-3798-4D80-81E0-CF89AC754EF5} => key not found.
"HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
EmptyTemp: => 5.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 08:29:09 ====

Truc C. Nguyen



#14
June 28, 2015 at 05:37:20
Update & Run Malwarebytes Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.


#15
June 28, 2015 at 06:42:13
Below are results from MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/28/2015
Scan Time: 8:50:55 AM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.28.02
Rootkit Database: v2015.06.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Truc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397109
Time Elapsed: 36 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 32
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ef55cb9f-2729-4bff-afe5-ee59593b16e8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8}, Quarantined, [59b98b3585055dd98d7ee097857e6e92],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [24ee219f4a4060d67878235136cd0bf5],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, Quarantined, [9082823edeac5fd737e7aecaf1120af6],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, Quarantined, [0c06615fd3b7f93db7673741788b45bb],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Linkey.Linkey, Quarantined, [0c06615fd3b7f93db7673741788b45bb],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [987a7848b1d99a9c176fa4ef8d781fe1],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [fe140eb23d4dc175883c83fbd431ce32],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [8c860cb40684c571477c67172adbdd23],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [19f9754bf09a60d63e612bee828253ad],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}, Quarantined, [bf538c3414762c0a1ca95a34ce376898],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96D6A54A-32FE-496F-87AB-7E08A39FF1BC}, Quarantined, [3fd3734de9a159dd3e87246a75908977],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A2B4DA91-A53C-4A84-B486-40080DE13A9B}, Quarantined, [2be7d8e8bdcdeb4b873e424c2dd88080],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB9EFCEE-B30C-4989-98CC-EE371FA5B355}, Quarantined, [848ee3dd4d3db77f497c434b32d36f91],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f919368addade2547ea4a0f529dc26da],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\BringMeSports_1c, Quarantined, [ce4405bb7e0c2d093c27f63e50b4e21e],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\EliteUnzip_aa, Quarantined, [db37754ba0eaad89d9e183b38c78f50b],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\SweetIM, Quarantined, [ee24be0267230333aa36f01b0301d828],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [a66c625ebdcd3600dafa631307feab55],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [3fd3853b256578be8d95e2b3ad5826da],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\SOFTWARE\BringMeSports_1c, Quarantined, [38da48784d3ddd59d589c96614f0d52b],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [4cc6249c0387e254be73f81861a3d52b],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\SOFTWARE\EliteUnzip_aa, Quarantined, [be54d5eb711942f4d59c161905ffba46],
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\SOFTWARE\SweetPacks, Quarantined, [c64c39875436340267fd958019ebbc44],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [9e74249c23672412a5a7af80b4505fa1],
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B297863-2FE8-4CF2-B412-B9C22AE44E39}, Quarantined, [b260467a5f2b072f90254a49f60f12ee],
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8C9EF753-BEB6-4582-B653-93AC59274437}, Quarantined, [8f83a51b8703999d95874445a85d39c7],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [19f91aa6840655e1c42c4120759008f8],

Registry Values: 20
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [37db01bfc5c547ef51889bd834cfed13],
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 䨭ä½?卐ä??ꝶ硺ç?®í??, Quarantined, [37db01bfc5c547ef51889bd834cfed13]
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{8358a5f6-e352-4677-8386-9704aa8ad899}, Quarantined, [a86a6b557b0fa88eda281661d03340c0],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{8358A5F6-E352-4677-8386-9704AA8AD899}, Quarantined, [a86a6b557b0fa88eda281661d03340c0],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{06b5b051-1d05-443d-822f-39ab0d05f018}, Quarantined, [9979e3dd48429d996fa2591809fa13ed],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{06B5B051-1D05-443D-822F-39AB0D05F018}, Quarantined, [9979e3dd48429d996fa2591809fa13ed],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130599752526864004, Quarantined, [91812e920585b08642435d36aa5bf808]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130599752526864004, Quarantined, [fd15348ca6e456e0a6df6f242fd6f20e]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130599752526864004, Quarantined, [4fc3c000ef9b52e485006132c63f13ed]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130599752526864004, Quarantined, [21f100c02d5dea4ccbba840fab5a46ba]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130599752526864004, Quarantined, [987a7848b1d99a9c176fa4ef8d781fe1]
PUP.Optional.Mindspark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BringMeSports Home Page Guard 64 bit, "C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe", Quarantined, [cf43338d9febd264b251beabd431fc04]
PUP.Optional.Dregol.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Run_Dregol\\, Quarantined, [759d9e221179a98dd4854cad22e112ee]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89b7ae32-9c52-41d6-a64d-14d7bdec9c58}|AppPath, C:\Program Files (x86)\BringMeSports_1c\bar\1.bin, Quarantined, [bf538c3414762c0a1ca95a34ce376898]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96d6a54a-32fe-496f-87ab-7e08a39ff1bc}|AppPath, C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin, Quarantined, [3fd3734de9a159dd3e87246a75908977]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a2b4da91-a53c-4a84-b486-40080de13a9b}|AppPath, C:\Program Files (x86)\BringMeSports_1c\bar\1.bin, Quarantined, [2be7d8e8bdcdeb4b873e424c2dd88080]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{db9efcee-b30c-4989-98cc-ee371fa5b355}|AppPath, C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin, Quarantined, [848ee3dd4d3db77f497c434b32d36f91]
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B297863-2FE8-4CF2-B412-B9C22AE44E39}|SuggestionsURL_JSON, http://ss.websearch.ask.com/query?l... Quarantined, [b260467a5f2b072f90254a49f60f12ee]
PUP.Optional.Ask.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8c9ef753-beb6-4582-b653-93ac59274437}|DisplayName, Ask Web Search, Quarantined, [8f83a51b8703999d95874445a85d39c7]
PUP.Optional.ASK.A, HKU\S-1-5-21-3237140190-3914928451-2328811250-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8c9ef753-beb6-4582-b653-93ac59274437}|URL, http://search.tb.ask.com/search/GGm... Quarantined, [040e615f7d0d5ed87285503ad53006fa]

Registry Data: 0
(No malicious items detected)

Folders: 11
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C, Quarantined, [c74b20a033579e9821d22763e42152ae],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [52c0358b06840a2cc7180aa9d132c040],
PUP.Optional.Mindspark.A, C:\Users\Timmy\AppData\LocalLow\VideoDownloadConverter_4z, Quarantined, [9a78546c8901ae889d3ff9d7c340f10f],
PUP.Optional.Goobzo, C:\Program Files (x86)\Common Files\Goobzo, Quarantined, [37db3d834d3d47efd9d28a527e8501ff],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [4ac8ae120585181e6d3e15c737cc8977],
PUP.Optional.OneSoftPerDay.A, C:\Users\Timmy\AppData\Local\ospd_us_375, Quarantined, [df339c2473172a0ce758ab3459aaa45c],
PUP.Optional.OneSoftPerDay.A, C:\Users\Timmy\AppData\Local\ospd_us_375\ospd_us_375, Quarantined, [df339c2473172a0ce758ab3459aaa45c],
PUP.Optional.OneSoftPerDay.A, C:\Users\Timmy\AppData\Local\ospd_us_375\ospd_us_375\1.20, Quarantined, [df339c2473172a0ce758ab3459aaa45c],
PUP.Optional.KlipPal.A, C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51, Quarantined, [040e853bc9c1e6505bf7fef7cf34e020],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg\1.0.5640.19269_0, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],

Files: 14
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf, Delete-on-Reboot, ,
PUP.Optional.BrowseFox, C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.bak, Quarantined, [4dc5e5dbfe8c1f17a428aea3fc0642be],
PUP.Optional.MaintainerSvc.A, C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe, Quarantined, [e52dcaf6cebc80b617eeb746cd34f709],
PUP.Optional.Dregol.C, C:\Users\Truc\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [060cab15aedc67cf77d8a9502fd443bd],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe, Quarantined, [c74b20a033579e9821d22763e42152ae],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\libeay32.dll, Quarantined, [c74b20a033579e9821d22763e42152ae],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll, Quarantined, [c74b20a033579e9821d22763e42152ae],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll, Quarantined, [c74b20a033579e9821d22763e42152ae],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ssleay32.dll, Quarantined, [c74b20a033579e9821d22763e42152ae],
PUP.Optional.OneSoftPerDay.A, C:\Users\Timmy\AppData\Local\ospd_us_375\ospd_us_375\1.20\cnf.cyl, Quarantined, [df339c2473172a0ce758ab3459aaa45c],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg\1.0.5640.19269_0\manifest.json, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg\1.0.5640.19269_0\background.js, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg\1.0.5640.19269_0\content.js, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],
PUP.Optional.JungleNet.A, C:\Users\Truc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpoabkajdanepplbicgbjeahpbkelhg\1.0.5640.19269_0\icon.png, Quarantined, [ae64942caedc7eb83dff6f1c37cf1ee2],

Physical Sectors: 0
(No malicious items detected)


(end)

Truc C. Nguyen
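Added example, not part of the thread and not Malwarebytes' own code: a small Python triage for a log in the layout posted above. It checks each section's declared count against the lines actually pasted, groups detections by family regardless of case or variant letter, and lists objects still pending a reboot; the sample log (paths, GUIDs, SID, bracketed IDs) is constructed, and the family-grouping rule is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 2.x log posted above.
# Paths, GUIDs, the SID and the bracketed IDs are placeholders, not thread values.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Scan Type: Threat Scan
Result: Completed

Registry Keys: 2
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\EXAMPLE\CLSID\{00000000-0000-0000-0000-000000000001}, Quarantined, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\EXAMPLE\ELEVATIONPOLICY\{00000000-0000-0000-0000-000000000002}, Quarantined, [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb],

Registry Values: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-0-0-0-1005\SOFTWARE\EXAMPLE\SEARCHSCOPES\{00000000-0000-0000-0000-000000000003}|DisplayName, Ask Web Search, Quarantined, [cccccccccccccccccccccccccccccccc]

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\example_driver.Wdf, Delete-on-Reboot, ,
PUP.Optional.AdPeak.A, C:\Program Files (x86)\ExampleApp\example.dll, Quarantined, [dddddddddddddddddddddddddddddddd],

(end)
"""

# Section headers as they appear in the log: "<name>: <declared count>"
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# Item lines: "<detection>, <object[, data]>, <action>, [id]"
# The greedy object group keeps value data that itself contains commas.
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<obj>.+), (?P<action>Quarantined|Delete-on-Reboot),"
)
SID_RE = re.compile(r"HKU\\(S-1-5-21-[0-9-]+)")


def family(name):
    """Grouping heuristic (assumption): lower-case, drop a trailing '.A'-style variant."""
    return re.sub(r"\.[a-z]$", "", name.strip().lower())


def triage(log_text):
    declared, parsed = {}, Counter()
    families, sids = Counter(), Counter()
    pending, unparsed = [], []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        if not line or line == "(end)":
            section = None  # a blank line closes the current section
            continue
        if section is None or line.startswith("("):
            continue  # scan metadata, or "(No malicious items detected)"
        item = ITEM_RE.match(line)
        if item is None:
            unparsed.append(line)  # truncated or mangled paste
            continue
        parsed[section] += 1
        families[family(item.group("name"))] += 1
        sid = SID_RE.search(item.group("obj"))
        if sid:
            sids[sid.group(1)] += 1  # which user hive holds the remnant
        if item.group("action") != "Quarantined":
            pending.append(item.group("obj"))  # not cleaned until after a restart
    # Sections whose header count disagrees with the lines actually present
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    return {
        "families": dict(families),
        "sids": dict(sids),
        "pending": pending,
        "unparsed": unparsed,
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `mismatches` or `unparsed` result means the pasted log is incomplete, and any `pending` entry calls for a restart followed by a rescan before the machine is treated as clean.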



#16
June 28, 2015 at 06:50:21
We are getting there, just a matter of dismantling the nasties bit by bit.

I am going to bed now, shall catch up in about 9 hrs.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#17
June 28, 2015 at 13:39:38
John,

Have a good night!

Before running ComboFix, below are my questions and concerns

1- In the link
http://www.bleepingcomputer.com/dow...

"Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.

This program works with Windows 8, but not Windows 8.1 at this time!"

My laptop is Win 8.1. Is this program working?

2. Is Win 8.1 installing the Windows Recovery Console? How do we know it already installed in Win 8.1

3. Is Win 8.1 automatically restoring the Internet connection after rebooting? The instruction in the link
http://www.bleepingcomputer.com/com...
Manually restoring the Internet connection
There is no instruction for Win 8.1 and I do not see Repair menu option when right clicking on the Network connection.

Thank you for your prompt

Truc C. Nguyen



#18
June 28, 2015 at 16:39:45
✔ Best Answer
"My laptop is Win 8.1. Is this program working?"
Oops Truc, sorry it does not work in 8.1 & it would have told you so, if you had tried to install it.

Next step.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#19
June 28, 2015 at 21:38:30
John,

I attempted configuring Security Trusted Site, XActiveFilter, ... but I was unable to run ESET Online Scanner on Win 8.1. It shows a blank screen in
http://www.eset.com/int/online-scan... after I accepted the Terms of Use and started it.

Truc C. Nguyen



#20
June 28, 2015 at 21:48:54
Refer to my post & do it the flash/thumb/pen/usb drive way.


#21
June 29, 2015 at 04:48:30
John

I am unable to find the link to download Version 5 of ESET Smart Security and ESET NOD32 Antivirus. Do you know where they are? Thanks,

Truc C. Nguyen



#22
June 29, 2015 at 06:25:16
No idea what you are doing Truc.

http://www.eset.com/us/online-scann...

Here are my screenshots.
http://i.imgur.com/jGYMQqi.gif
http://i.imgur.com/lmjGGHX.gif

Here is what it downloads, put it on your desktop, double click on it & let it do its thing.
http://www98.zippyshare.com/v/bNG1j...



#23
June 29, 2015 at 09:58:45
John,

I got ESET Online Scanner working in Google Chrome. You might have been confused in previous steps because ESET Online Scanner did not work in Internet Explorer.

Before I run ESET Online Scanner, I would like to ask you one question:
Different from the picture in the link http://i.imgur.com/3U7YC.gif, in ESET Online Scanner, Computer Scan Setting, I have 2 more options

1-Enable detection of potentially unwanted applications
2- Disable detection of potentially unwanted applications

Should I select option 1? Thanks,

Truc C. Nguyen



#24
June 29, 2015 at 17:37:26
"Should I select option 1?"
Yes Truc.


#25
June 30, 2015 at 04:57:24
John

I ran ESET Online Scanner with 147 threats found and removed. I did not see log.txt in C:\Program Files\EsetOnlineScanner\log.txt

Truc C. Nguyen



#26
June 30, 2015 at 06:00:33
Do a search please.


#27
June 30, 2015 at 06:30:59
17. How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...

(on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")



#28
June 30, 2015 at 07:14:57
Yes I went to C:\Program Files (x86)\ESET\Esetonlinescanner\
But there is no log.txt

It showed 147 threats and I removed them

Do I need to re-run ESET Online Scanner due to be wrong on something?

Thanks,

Truc C. Nguyen



#29
June 30, 2015 at 08:28:07
"Do I need to re-run ESET Online Scanner due to be wrong on something?"
No.

Did you do a search for > Esetonlinescanner



#30
June 30, 2015 at 08:34:46
I run ESET Online Scanner from
http://www.eset.com/us/online-scann... (Conversation #22)
in Internet Explorer

Truc C. Nguyen



#31
June 30, 2015 at 08:36:42
I run ESET Online Scanner from
http://www.eset.com/us/online-scann... (Conversation #22)
in Google Chrome

Truc C. Nguyen



#32
June 30, 2015 at 15:18:54
Ok, need to run Farbar again, upload the 2 logs please.

If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif



#33
June 30, 2015 at 15:45:36
FRST.txt
http://www35.zippyshare.com/v/ded6f...

Addition.txt

http://www35.zippyshare.com/v/UF8KJ...

Truc C. Nguyen



#34
June 30, 2015 at 16:03:13
Thanks Truc, our wires have been crossed since your post #25

Just to be clear, all I want at this point, is to find the ESET log on your comp.

Install & run UltraSearch. Make sure Files & Folders are checked.
Type in > Esetonlinescanner into Find: as per my screenshot & wait for the search to finish.
http://i.imgur.com/QgiMjvr.gif

Upload a screenshot of what it finds using Zippy.

http://www.softpedia.com/get/File-m...
http://www.freewarefiles.com/UltraS...
http://www.freewarefiles.com/screen...
http://www.jam-software.com/ultrase...


message edited by Johnw



#35
July 1, 2015 at 04:45:00
I followed your instructions above but the Ultresearch turned out nothing

I re-run ESET Online Scanner as well. This time, no threat was found. And the search could not find log.txt

Truc C. Nguyen



#36
July 1, 2015 at 04:56:21
"I followed your instructions above but the Ultresearch turned out nothing"
One final try, make sure 2 is enabled & look again for the ESET log.
http://www.sevenforums.com/tutorial...

2. To Show Hidden Files, Folders, and Drives
NOTE: This will also allow hidden drives to show despite if Hide empty drives in the Computer folder is checked.

A) Select (dot) Show hidden files, folders, and drives. (See screenshot below)

B) Click on the Apply button.

message edited by Johnw



#37
July 1, 2015 at 05:21:32
I selected "show Hidden Files, Folders, and Drives" to C drive
run UltraSearch. Files & Folders are checked.
Type in > Esetonlinescanner
Ultresearch turned out nothing

Truc C. Nguyen



#38
July 1, 2015 at 05:24:30
"Ultresearch turned out nothing"
Weird, at least ESET cleaned out the remnants.

Time to move on.

Nearly finished, let me know if you have to go offline please.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
Tool will create a report for you (C:\DelFix.txt)



#39
July 1, 2015 at 05:34:20
Tool will create a report for you (C:\DelFix.txt)

# DelFix v1.010 - Logfile created 01/07/2015 at 08:31:38
# Updated 26/04/2015 by Xplode
# Username : Truc - TIMMYCATHYPC
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Truc\Desktop\Addition.txt
Deleted : C:\Users\Truc\Desktop\ComboFix.exe
Deleted : C:\Users\Truc\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Truc\Desktop\Fixlog.txt
Deleted : C:\Users\Truc\Desktop\FRST.txt
Deleted : C:\Users\Truc\Desktop\FRST64.exe
Deleted : C:\Users\Truc\Desktop\JRT.exe
Deleted : C:\Users\Truc\Desktop\JRT.txt
Deleted : C:\Users\Truc\Desktop\RKreport_DEL_06272015_125501.log
Deleted : C:\Users\Truc\Desktop\RogueKiller.exe
Deleted : C:\Users\Truc\Downloads\AdwCleaner.exe
Deleted : C:\Users\Truc\Downloads\ComboFix.exe
Deleted : C:\Users\Truc\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Truc\Downloads\FRST (1).exe
Deleted : C:\Users\Truc\Downloads\FRST.exe
Deleted : C:\Users\Truc\Downloads\FRST64 (1).exe
Deleted : C:\Users\Truc\Downloads\FRST64 (2).exe
Deleted : C:\Users\Truc\Downloads\JRT.exe
Deleted : C:\Users\Truc\Downloads\RogueKiller (1).exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #27 [Scheduled Checkpoint | 06/19/2015 21:59:26]
Deleted : RP #28 [Removed Microsoft Silverlight | 06/25/2015 23:37:29]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Truc C. Nguyen



#40
July 1, 2015 at 05:42:48
Perfect. I will finish up for tonight, will check back in the morning.

Extract from the fixlog.
"EmptyTemp: => 5.3 GB temporary data Removed"
Way, way too big, even for a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straight forward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000
Click > Apply & then OK.

Here is how the USER got into this mess, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#41
July 1, 2015 at 06:34:10
Good learning! Thank you

Truc C. Nguyen



#42
July 1, 2015 at 15:49:16
Truc, if you want to continue in the vein of thoroughness, I would run AdwCleaner & Malwarebytes again.

Post #17
"1- In the link
Please note that running this program without supervision can cause your computer to not operate correctly"
That applies to everything we have just done, that is why you should always have all your important stuff ( including your emails/address book ) backed up.
"Therefore only run this program at the request of an experienced helper"
That's me.

"2. Is Win 8.1 installing the Windows Recovery Console? How do we know it already installed in Win 8.1"
If you had Win 8, it would automatically determine that.

"3. Is Win 8.1 automatically restoring the Internet connection after rebooting? The instruction in the link"
Not applicable.

Post #35
"I re-run ESET Online Scanner as well"
Good move.
"This time, no threat was found. And the search could not find log.txt"
There is no log, if nothing is found.

Extract from your FRST log.
2015-06-26 07:12 - 2015-06-26 07:12 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Truc\Downloads\SpyHunter-Installer.exe
Do not use or install.
http://www.bleepingcomputer.com/for...

If installed, use this to uninstall. ( I use it for all uninstalls )
Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...



#43
July 1, 2015 at 19:58:57
I rerun AdwCleaner & Malwarebytes

I also used WPU to uninstall MalwareProtection360. I did not see SpyHunter-Installer installed.

Thank you for your much helping John

Truc C. Nguyen



#44
July 1, 2015 at 20:04:45
YW Truc, you should be Ok now.


#45
July 2, 2015 at 05:43:28
Thank you so much John

Truc C. Nguyen



#46
January 11, 2016 at 15:58:31
Just Thanks to John that had taken time to remove the malware from my laptop

Happy New Year

Truc C. Nguyen



#47
January 11, 2016 at 16:27:41
Happy New Year to you as well Truc.
