User Tag List

internet explorer

This is a discussion on internet explorer within the Resolved HJT Threads forums, part of the Tech Support Forum category. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16659 Run by Brian at 0:58:26 on 2015-06-20 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1129


 
 
Thread Tools Search this Thread
Old 06-21-2015, 08:19 AM   #1
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16659
Run by Brian at 0:58:26 on 2015-06-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1129 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\O2 Connection Manager\WaHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\goodsol\goodsol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k wdisvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = Google
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: TalkTalk Mail Toolbar Loader: {97736b03-27dc-47fd-939e-12f77f73d792} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: TalkTalk Mail Toolbar: {E9D7AA34-9F3B-4A42-BE5D-E049DA305EC3} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: TalkTalk Mail Toolbar: {e9d7aa34-9f3b-4a42-be5d-e049da305ec3} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\brian\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [WatcherHelper] "c:\program files\o2 connection manager\WaHelper.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
dRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imageb~1.lnk - c:\program files\canon\imagebrowser ex\MFManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
TCP: NameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{2340FAC1-633B-4E4F-8767-6A8212877192} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{475BA6F5-E4BC-430D-8636-00C48D4235A8} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{AB3637D4-AA2A-4909-88B3-CBC73369DF2E} : DHCPNameServer = 8.8.8.8 62.40.32.33
TCP: Interfaces\{B2E3C615-ED9E-4FE9-BC0B-E096E733A9E8} : DHCPNameServer = 192.168.8.1 192.168.8.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\2mdl8s0t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.talktalk.co.uk/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\users\brian\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\2mdl8s0t.default\extensions\{cefad33d-02d1-4da7-a524-9d9cd97948d2}\plugins\np_ybs.dll
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-5-7 191968]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-5-7 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-5-7 166880]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-3-20 35808]
R0 RapportHades;RapportHades;c:\windows\system32\drivers\RapportHades.sys [2015-5-28 68280]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-3-11 132576]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-4-27 226784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-5-14 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-4-15 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-5-4 213984]
R1 RapportCerberus_1412108;RapportCerberus_1412108;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412108.sys [2015-6-17 528600]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-5-28 279800]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-5-28 348632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-5-18 3438544]
R2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-4-7 776656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-5-18 311792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2013-7-29 34712]
R2 O2 HiLink;O2 HiLink;c:\programdata\mobilebrserv\mbbService.exe [2013-8-9 232288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-5-28 2222360]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2008-6-4 118784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-5-28 218008]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-7-22 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-12 772296]
.
=============== Created Last 30 ================
.
2015-06-18 17:45:09 -------- d--h--w- c:\windows\msdownld.tmp
2015-06-17 21:13:18 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-17 21:12:48 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-17 20:57:07 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-17 20:56:53 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-17 20:56:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-17 20:56:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2015-06-17 20:56:52 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2015-06-17 20:56:52 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2015-06-17 20:56:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-05-28 14:16:18 68280 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-05-28 14:16:16 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-26 11:08:18 -------- d-----w- c:\program files\goodsol
.
==================== Find3M ====================
.
2015-05-30 23:55:03 1809920 ----a-w- c:\windows\system32\jscript9.dll
2015-05-30 23:54:04 367616 ----a-w- c:\windows\system32\html.iec
2015-05-30 23:49:49 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-05-30 23:49:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-05-30 23:49:02 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-05-30 23:48:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-05-30 23:47:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-05-30 23:47:50 11776 ----a-w- c:\windows\system32\mshta.exe
2015-05-23 08:19:17 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-23 08:19:17 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 12:49:12 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-07 12:52:08 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-05-07 12:52:06 191968 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-04 13:15:06 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-30 16:03:33 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14:01 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-27 12:19:26 226784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-04-19 21:24:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-19 21:24:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-19 21:24:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-04-19 20:19:37 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-04-19 20:18:56 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-19 20:13:15 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-04-19 20:12:25 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 20:12:20 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-04-15 12:05:06 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-14 01:35:06 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 01:35:06 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22:42 279552 ----a-w- c:\windows\system32\services.exe
.
============= FINISH: 1:00:06.83 ===============
Attached Files
File Type: txt attach.txt (9.2 KB, 38 views)
brimun is offline  
Sponsored Links
Advertisement
 
Old 06-22-2015, 12:57 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello brimun,

Could you explain about the problem you are having? And please do the below intructions:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 06-22-2015, 01:22 AM   #3
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Can not open Internet Explorer. It has been closed by the DDS system and will not open. Can use Chrome and Firefox no problems.

OOPS not the DDS system !!!! it was closed by Data Execution Prevention programme....DEP sorry about that.

Regards

Brimun
brimun is offline  
Sponsored Links
Advertisement
 
Old 06-22-2015, 01:27 AM   #4
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Quote:
Originally Posted by tekir06 View Post
Hello brimun,

Could you explain about the problem you are having? And please do the below intructions:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
brimun is offline  
Old 06-22-2015, 01:31 AM   #5
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Hello Tekir06, I am not sure that I have managed to add the attachments correctly. Can you please confirm that you received them????

I am not too hot on some of this tech stuff!

I managed the downloads you requested but am not sure that I got them attached to my reply.
Regards

Brimun
brimun is offline  
Old 06-22-2015, 11:41 PM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

FRST and Addition.txt files may be attached by clicking the Manage Attachments button.
It's located under Additional Options on the composition page.
Browse to where you saved the file, and click Upload.



If you can not, Copy/Paste the contents of FRST.txt and Addition.txt your next reply.
__________________
tekir06 is offline  
Old 06-23-2015, 01:51 AM   #7
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



I think this time I've got it???
Attached Files
File Type: txt FRST.txt (29.2 KB, 203 views)
File Type: txt Addition.txt (31.5 KB, 67 views)
brimun is offline  
Old 06-24-2015, 12:30 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello brimun,

Thanks for the logs.

We need to uninstall a program.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of program to uninstall:

Download Updater (AOL LLC)

=======================================================

Please do the following:

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKU\S-1-5-21-3817668467-4172483319-236027378-1000\...\MountPoints2: {c7796262-00ee-11e3-8bb0-000ae4cfce19} - F:\WIN\setup.exe
HKU\S-1-5-21-3817668467-4172483319-236027378-1000\...\MountPoints2: {df29e7e2-f398-11e2-962c-000ae4cfce19} - F:\AutoRun.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BF6FAECD-74E4-4FB9-8468-156071EACF9B} URL = 
SearchScopes: HKU\S-1-5-21-3817668467-4172483319-236027378-1000 -> {BF6FAECD-74E4-4FB9-8468-156071EACF9B} URL = https://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263&CUI=UN35604205716269314&UM=4
Toolbar: HKU\S-1-5-21-3817668467-4172483319-236027378-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\[email protected]
CHR HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
2015-06-18 18:45 - 2015-06-18 18:59 - 00000000 ___HD C:\Windows\msdownld.tmp
C:\Users\Brian\AppData\Local\Temp\pc-cleaner-setup.exe
C:\Users\Brian\AppData\Local\Temp\pc-support-bar-setup.exe
EmptyTemp:
end
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 06-24-2015, 01:24 AM   #9
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Hello tekir,

Thanks for your fix it. I have followed your instructions and have copied below the fixlog.txt document. I have added it as an attachment as well.

I have not tried IE yet!!!! Is the fix now complete? You have been very helpful and I thank you very much.




Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Brian at 2015-06-24 09:02:35 Run:1
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-3817668467-4172483319-236027378-1000\...\MountPoints2: {c7796262-00ee-11e3-8bb0-000ae4cfce19} - F:\WIN\setup.exe
HKU\S-1-5-21-3817668467-4172483319-236027378-1000\...\MountPoints2: {df29e7e2-f398-11e2-962c-000ae4cfce19} - F:\AutoRun.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BF6FAECD-74E4-4FB9-8468-156071EACF9B} URL =
SearchScopes: HKU\S-1-5-21-3817668467-4172483319-236027378-1000 -> {BF6FAECD-74E4-4FB9-8468-156071EACF9B} URL = https://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263&CUI=UN35604205716269314&UM=4
Toolbar: HKU\S-1-5-21-3817668467-4172483319-236027378-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\[email protected]
CHR HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
2015-06-18 18:45 - 2015-06-18 18:59 - 00000000 ___HD C:\Windows\msdownld.tmp
C:\Users\Brian\AppData\Local\Temp\pc-cleaner-setup.exe
C:\Users\Brian\AppData\Local\Temp\pc-support-bar-setup.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7796262-00ee-11e3-8bb0-000ae4cfce19}" => key removed successfully.
HKCR\CLSID\{c7796262-00ee-11e3-8bb0-000ae4cfce19} => key not found.
"HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df29e7e2-f398-11e2-962c-000ae4cfce19}" => key removed successfully.
HKCR\CLSID\{df29e7e2-f398-11e2-962c-000ae4cfce19} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF6FAECD-74E4-4FB9-8468-156071EACF9B}" => key removed successfully.
HKCR\CLSID\{BF6FAECD-74E4-4FB9-8468-156071EACF9B} => key not found.
HKU\S-1-5-21-3817668467-4172483319-236027378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
"HKU\S-1-5-21-3817668467-4172483319-236027378-1000\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully.
C:\Windows\msdownld.tmp => moved successfully.
C:\Users\Brian\AppData\Local\Temp\pc-cleaner-setup.exe => moved successfully.
C:\Users\Brian\AppData\Local\Temp\pc-support-bar-setup.exe => moved successfully.
EmptyTemp: => 1.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:04:59 ====
Attached Files
File Type: txt Fixlog.txt (3.4 KB, 17 views)
brimun is offline  
Old 06-24-2015, 01:41 AM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello brimun,

You're welcome No, it's not completed yet. Let's move on.

Plaese do the following:


Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 06-24-2015, 02:46 AM   #11
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



hello Tekir, Followed your latest instructions. Scan found 524 threats!!! Has "quarantined" 401 threats and programme has now stopped for the last 15 minutes at that point. Should I just leave it and it will wake up and continue??

Have attached as for as it went


Regards
Brimun
Attached Files
File Type: txt IE scan.txt (1.0 KB, 26 views)
brimun is offline  
Old 06-24-2015, 03:46 AM   #12
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Quote:
Originally Posted by tekir06 View Post
Hello brimun,

You're welcome No, it's not completed yet. Let's move on.

Plaese do the following:


Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
brimun is offline  
Old 06-24-2015, 03:51 AM   #13
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Hello Tekir,

I think i have it this time. First scan showed 524 threats and removed 401 then froze. I ran the scan again and it showed no threats. I have attached all the different results. Hope I have done right?????
Regards

Brimun

ps should I "Delete All " in the application log??
Attached Files
File Type: txt IE scan.txt (1.0 KB, 10 views)
File Type: txt IE scan.txt 2.txt (1.0 KB, 20 views)
File Type: txt IE scan 3.txt (1.0 KB, 19 views)
File Type: txt IEscan4.txt (832 Bytes, 16 views)
brimun is offline  
Old 06-24-2015, 03:53 AM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello brimun,
Quote:
Scan found 524 threats!!! Has "quarantined" 401 threats and programme has now stopped for the last 15 minutes at that point.
I didn't see threats and quarantine informations in the contents of the log. Does the problem continue with Malwarebytes?
__________________
tekir06 is offline  
Old 06-24-2015, 03:58 AM   #15
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



No. I did the scan again and it showed no threats. The two scan logs..the first one that froze....show no threats. I dont really understand that !!!!

Regards

Brimun
brimun is offline  
Old 06-24-2015, 04:20 AM   #16
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Okay. Please do the following:

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start buton.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 06-24-2015, 07:28 AM   #17
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista



Hello Tekir,

Done scan and found 6 threats. Detail below.


Do I remove them? How do I remove them?
I also still have the logs in the Malwarebytes program...do I delete them?

Regards


Brimun



C:\Users\Brian\AppData\Roaming\RHEng\03D385E9DA504CA9A9E69D65A9F6EAF1\speedupmypc-ROE-p2.exe Win32/UniBlue.A potentially unwanted application
C:\Users\Brian\Downloads\DM-232.exe Win32/HotSpotShield potentially unwanted application
C:\Users\Brian\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\Brian\Downloads\HSS-3.42-install-e-550-plain.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2014-10-01 190001\Backup files 1.zip Win32/JoyDownloader.D potentially unwanted application
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2015-01-07 160831\Backup files 1.zip a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
brimun is offline  
Old 06-25-2015, 01:06 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello brimun,

You don't delete log or program until I say. I have a question. do you have any problems with GoogleDesktop?

Please do the following:

STEP 1

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
C:\Users\Brian\AppData\Roaming\RHEng\03D385E9DA504CA9A9E69D65A9F6EAF1\speedupmypc-ROE-p2.exe
C:\Users\Brian\Downloads\DM-232.exe
C:\Users\Brian\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
C:\Users\Brian\Downloads\HSS-3.42-install-e-550-plain.exe
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2014-10-01 190001\Backup files 1.zip
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2015-01-07 160831\Backup files 1.zip
EmptyTemp:
end
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

=============================================

STEP 2

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
__________________
tekir06 is offline  
Old 06-25-2015, 02:04 AM   #19
Registered Member
 
Join Date: Aug 2014
Posts: 37
OS: vista


EEK!

Hello Tekir, Thanks for keeping it going...I really appreciate your help.

No.. I do not think I have any problems with Google chrome and the the desktop. The only problem is the IE problem!

I detail below the fixlist.txt created this morning...followed by the Adwcleaner logfile.

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Brian at 2015-06-25 09:25:37 Run:2
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
C:\Users\Brian\AppData\Roaming\RHEng\03D385E9DA504CA9A9E69D65A9F6EAF1\speedupmypc-ROE-p2.exe
C:\Users\Brian\Downloads\DM-232.exe
C:\Users\Brian\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
C:\Users\Brian\Downloads\HSS-3.42-install-e-550-plain.exe
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2014-10-01 190001\Backup files 1.zip
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2015-01-07 160831\Backup files 1.zip
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\Brian\AppData\Roaming\RHEng\03D385E9DA504CA9A9E69D65A9F6EAF1\speedupmypc-ROE-p2.exe => moved successfully.
C:\Users\Brian\Downloads\DM-232.exe => moved successfully.
C:\Users\Brian\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe => moved successfully.
C:\Users\Brian\Downloads\HSS-3.42-install-e-550-plain.exe => moved successfully.
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2014-10-01 190001\Backup files 1.zip => moved successfully.
D:\BRIAN-PC\Backup Set 2014-08-09 133231\Backup Files 2015-01-07 160831\Backup files 1.zip => moved successfully.
EmptyTemp: => 233.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:27:33 ====



***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Users\Brian\AppData\Local\Conduit
Folder Deleted : C:\Users\Brian\AppData\Local\DriverTuner
Folder Deleted : C:\Users\Brian\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Brian\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Brian\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Brian\AppData\Roaming\SmartPCFix
Folder Deleted : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
File Deleted : C:\Users\Brian\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2mdl8s0t.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2mdl8s0t.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Mozilla Firefox v31.0 (x86 en-GB)


-\\ Google Chrome v43.0.2357.130

[C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={40999CEA-9300-4931-94D5-3C238F034C9B}&mid=873bcb3a25b847d3b5968965c6f77b90-8390530a35a7f59e73a983444dffc0d990b351af&lang=en&ds=AVG&pr=fr&d=2013-07-23 16:14:07&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"] ,"explicit_host":["\u003Call_urls>","chrome://favicon/*"] ,"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"] },"blacklist_state":0,"commands":{"_execute_page_action":{"suggested_key":"Alt+Shift+P","was_assigned":true}},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["browsingData","cookies","downloads","downloadsInternal","history","homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"] ,"explicit_host":["\u003Call_urls>","chrome://favicon/*"] ,"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"] },"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13075831925900195","lastpingday":"13079602805933988","location":1,"manifest":{"background":{"page":"background.html","persistent":true},"chrome_settings_overrides":{"homepage":"hxxps://mysearch.avg.com/?rvt=1","search_provider":{"encoding":"UTF-8","favicon_url":"hxxps://mysearch.avg.com/favicon.ico","is_default":true,"keyword":"hxxps://mysearch.avg.com","name":"AVG Secure Search

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [5092 bytes] - [25/06/2015 09:42:45]
AdwCleaner[S0].txt - [5099 bytes] - [25/06/2015 09:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5158 bytes] ##########
brimun is offline  
Old 06-25-2015, 02:52 AM   #20
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Thank you for answer and the log. Now, please try run IE. Is your problem continues? Let me know.
__________________
tekir06 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
url:mal virus
I am in need of expert assistance in removal the nemesis virus "url:mal" . I've also seen pop up from Avast blocking "url:mal2". I tried running gmr and something prevents it from completion, so I'm not sure if it will give you the data you need:sad: Thanks in advance.:bang head: Dell...
Larry Crooms Resolved HJT Threads 35 01-14-2014 04:16 AM
CPU at 100% most of the time.
Hi guys, Lately I have been having a problem with my PC. On several occasions my PC has slowed right down and virtually ground to a halt. When I've checked it with Task Manager, it shows that the processor is running at 100%, and that there are over 40 processes running at once. This can happen...
Hairymartin1966 Resolved HJT Threads 35 08-09-2013 11:33 AM
Dell is running SO SLOW
Hi, I know next to nothing about most of what I'm finding on this site, but the step-by-steps are helpful! My Dell Insprion 1525 is running so slow, I can barely even run internal scans to find out what's wrong. It just took over 90 minutes to run my "Windows Experience Index." iTunes is no...
rebel150 Resolved HJT Threads 15 07-05-2012 09:28 AM
Antivira AV virus - Help appreciated
Hi there My pc picked up a nasty virus called Antivira AV rendering it pretty much useless. It’s a bogus virus scanner that automatically seems to close down Windows Defender and take over. I can’t use Internet Explorer and also can’t go in the Task Manager, when I press Ctrl alt delete it...
Jvdbliek Resolved HJT Threads 18 03-03-2011 09:34 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:29 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts