Topic: Cannot get rid of this using Malwarebytes

Hugo1446

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Windows 7
    Cannot get rid of this using Malwarebytes
    « on: November 04, 2013, 05:52:08 PM »
    Hi,

    Never again will I try to watch "free" episodes of The Simpsons!  Picked up a ton of malware but cannot get rid of this pesky one.

    Malwarebytes is up-to-date and I keep scanning before and after each use. 

    I sure could use some pointers.  :) Laurie



    [recovering disk space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Cannot get rid of this using Malwarebytes
    « Reply #1 on: November 04, 2013, 06:04:29 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

    ***************************************
    Can you describe the nature of this pesky one?

    Please download AdwCleaner by Xplode onto your Desktop.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    *********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Hugo1446

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Windows 7
      Re: Cannot get rid of this using Malwarebytes
      « Reply #2 on: November 04, 2013, 06:43:21 PM »
      Hello Dave and thank you for your reply.

      Yesterday I was getting redirected to other unrequested websites.  I ran Malwarebytes and it picked up 200+ items which I deleted and rebooted my computer.  I then ran it again and picked up another 109 items and deleted them.

      I thought all was OK, and then another unrequested website popped up.  I scanned again.

      I will follow your instructions to the letter and will copy/paste logs as directed.

      Thank you again for all of your help.

      :) Laurie

      Hugo1446

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Windows 7
        Re: Cannot get rid of this using Malwarebytes
        « Reply #3 on: November 04, 2013, 09:17:52 PM »
        Malwarebytes Scan:

        Malwarebytes Anti-Malware (PRO) 1.75.0.1300
        www.malwarebytes.org

        Database version: v2013.11.05.01

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 10.0.9200.16721
        Laurie Campbell :: LAURIE-PC [administrator]

        Protection: Enabled

        11/4/2013 7:54:39 PM
        MBAM-log-2013-11-04 (19-59-42).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 235751
        Time elapsed: 3 minute(s), 19 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 5
        HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
        HKCR\CLSID\{FEFE89E5-A43F-4f4b-8211-B11D91D02135} (PUP.Optional.CoolPic) -> No action taken.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEFE89E5-A43F-4F4B-8211-B11D91D02135} (PUP.Optional.CoolPic) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FEFE89E5-A43F-4F4B-8211-B11D91D02135} (PUP.Optional.CoolPic) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FEFE89E5-A43F-4F4B-8211-B11D91D02135} (PUP.Optional.CoolPic) -> No action taken.

        Registry Values Detected: 2
        HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{FEFE89E5-A43F-4F4B-8211-B11D91D02135} (PUP.Optional.CoolPic) -> Data: C:\Program Files\CoolPic\Firefox -> No action taken.
        HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{FEFE89E5-A43F-4f4b-8211-B11D91D02135} (PUP.Optional.CoolPic) -> Data:  -> No action taken.

        Registry Data Items Detected: 5
        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=hp&installDate=04/11/2013) Good: (http://www.google.com) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=ds&q={searchTerms}&installDate=04/11/2013) Good: (http://www.google.com) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=ds&q={searchTerms}&installDate=04/11/2013) Good: (http://www.google.com) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=ds&q={searchTerms}&installDate=04/11/2013) Good: (http://www.google.com) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=ds&q={searchTerms}&installDate=04/11/2013) Good: (http://www.google.com) -> No action taken.

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 4
        C:\Program Files\CoolPic\Extension32.dll (PUP.Optional.CoolPic) -> No action taken.
        C:\Users\Laurie Campbell\Downloads\installer_ccleaner_English.exe (PUP.Optional.VIT) -> No action taken.
        C:\Users\Laurie Campbell\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.
        C:\Windows\Installer\59f4ecd.msi (PUP.Optional.SmartBar.A) -> No action taken.

        (end)

        AdwCleaner Scan:

        # AdwCleaner v3.011 - Report created 04/11/2013 at 19:17:56
        # Updated 03/11/2013 by Xplode
        # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
        # Username : Laurie Campbell - LAURIE-PC
        # Running from : C:\Users\Laurie Campbell\Downloads\adwcleaner.exe
        # Option : Scan

        ***** [ Services ] *****


        ***** [ Files / Folders ] *****

        File Found : C:\Users\Laurie Campbell\AppData\Roaming\Mozilla\Firefox\Profiles\5w947b8b.default\Extensions\[email protected]
        File Found : C:\Users\Laurie Campbell\AppData\Roaming\Mozilla\Firefox\Profiles\5w947b8b.default\searchplugins\iminent.xml
        File Found : C:\Users\Laurie Campbell\Desktop\eBay.lnk
        File Found : C:\Windows\System32\Tasks\AmiUpdXp
        File Found : C:\Windows\System32\Tasks\PassWidget Update
        File Found : C:\Windows\Tasks\AmiUpdXp.job
        File Found : C:\Windows\Tasks\PassWidget Update.job
        Folder Found : C:\Users\Laurie Campbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdagnimlohkpamglloopgfnoiijpmoj
        Folder Found : C:\Users\Laurie Campbell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndoidmkcgdpbmpidejbjalidacilbdfl
        Folder Found : C:\Users\Laurie Campbell\AppData\Roaming\Mozilla\Firefox\Profiles\5w947b8b.default\Extensions\[email protected]
        Folder Found C:\Program Files (x86)\Common Files\Umbrella
        Folder Found C:\Program Files (x86)\Pass-Widget
        Folder Found C:\Program Files (x86)\WebSearch
        Folder Found C:\ProgramData\Iminent
        Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\seAvenushaare
        Folder Found C:\ProgramData\PC Optimizer Pro
        Folder Found C:\ProgramData\seAvenushaare
        Folder Found C:\ProgramData\StarApp
        Folder Found C:\Users\Laurie Campbell\AppData\Local\Smartbar
        Folder Found C:\Users\Laurie Campbell\AppData\Local\SwvUpdater
        Folder Found C:\Users\Laurie Campbell\AppData\LocalLow\Smartbar
        Folder Found C:\Users\Laurie Campbell\AppData\Roaming\Iminent
        Folder Found C:\Users\Laurie Campbell\AppData\Roaming\pccustubinstaller
        Folder Found C:\Users\LAURIE~1\AppData\Local\Temp\Smartbar

        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****

        Key Found : HKCU\Software\AppDataLow\Software\Crossrider
        Key Found : HKCU\Software\AppDataLow\Software\PassWidget
        Key Found : HKCU\Software\installedbrowserextensions
        Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
        Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
        Key Found : HKCU\Software\pc optimizer pro
        Key Found : HKCU\Software\smartbar
        Key Found : HKCU\Software\smartbarbackup
        Key Found : HKCU\Software\smartbarlog
        Key Found : HKCU\Software\Softonic
        Key Found : [x64] HKCU\Software\installedbrowserextensions
        Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
        Key Found : [x64] HKCU\Software\pc optimizer pro
        Key Found : [x64] HKCU\Software\smartbar
        Key Found : [x64] HKCU\Software\smartbarbackup
        Key Found : [x64] HKCU\Software\smartbarlog
        Key Found : [x64] HKCU\Software\Softonic
        Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
        Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
        Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
        Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
        Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
        Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
        Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
        Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
        Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
        Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
        Key Found : HKLM\SOFTWARE\Classes\Iminent
        Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
        Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
        Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fbdagnimlohkpamglloopgfnoiijpmoj
        Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
        Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
        Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
        Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
        Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
        Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a
        Key Found : HKLM\Software\SP Global
        Key Found : HKLM\Software\SProtector
        Key Found : HKLM\Software\Vittalia
        Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
        Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
        Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
        Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
        Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
        Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
        Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

        ***** [ Browsers ] *****

        -\\ Internet Explorer v10.0.9200.16720


        -\\ Mozilla Firefox v24.0 (en-US)

        [ File : C:\Users\Laurie Campbell\AppData\Roaming\Mozilla\Firefox\Profiles\5w947b8b.default\prefs.js ]

        Line Found : user_pref("aol_toolbar.default.homepage.check", false);
        Line Found : user_pref("aol_toolbar.default.search.check", false);
        Line Found : user_pref("browser.newtab.url", "hxxp://search.iminent.com/?ref=NewTab&appId=00000000-0000-0000-0000-000000000000");
        Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
        Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchboxes.info/?pid=377&r=2013/07/28&hid=2705003544&lg=EN&cc=US&unqvl=28&l=1&q=");
        Line Found : user_pref("browser.search.order.1", "WebSearch");
        Line Found : user_pref("browser.search.order.1,S", "WebSearch");
        Line Found : user_pref("browser.search.selectedEngine", "Web Search");
        Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
        Line Found : user_pref("extensions.51f54c9c7eb8c.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsour[...]
        Line Found : user_pref("extensions.51f54cadcc348.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQuery(\".down, .dloadf, .dloadt\").attr(\"hre[...]
        Line Found : user_pref("extensions.51f56c8d14e60.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsour[...]
        Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
        Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
        Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://search.iminent.com/?ref=toolbarm#q=");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=B763D985-8ECE-40B4-8439-78A554D9ED07&n=77fc942d&p2=^HJ^xdm017^YY^us&si=pconverter");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013041709");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm017^YY^us");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "B763D985-8ECE-40B4-8439-78A554D9ED07");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1366214939557");
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
        Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
        Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
        Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
        Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
        Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
        Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
        Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
        Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
        Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
        Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
        Line Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

        -\\ Google Chrome v30.0.1599.101

        [ File : C:\Users\Laurie Campbell\AppData\Local\Google\Chrome\User Data\Default\preferences ]


        *************************

        AdwCleaner[R0].txt - [24854 octets] - [04/11/2013 19:17:56]

        ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [24915 octets] ##########

        Security Check Scan:
         Results of screen317's Security Check version 0.99.76 
         Windows 7 Service Pack 1 x64 (UAC is enabled) 
         Internet Explorer 10 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled! 
        Norton Internet Security   
         WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
         Malwarebytes Anti-Malware version 1.75.0.1300 
         PC TuneUp Maestro   
         Java 7 Update 21 
         Java version out of Date!
         Adobe Flash Player 11.9.900.117 
         Adobe Reader XI 
         Mozilla Firefox 24.0 Firefox out of Date! 
         Google Chrome 30.0.1599.101 
         Google Chrome 30.0.1599.69 
        ````````Process Check: objlist.exe by Laurent````````
         Norton ccSvcHst.exe
         Malwarebytes Anti-Malware mbamservice.exe 
         Malwarebytes Anti-Malware mbamgui.exe 
         Malwarebytes' Anti-Malware mbamscheduler.exe   
         Symantec Norton Online Backup NOBuAgent.exe 
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 
        ````````````````````End of Log``````````````````````

        Hugo1446

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Windows 7
          Re: Cannot get rid of this using Malwarebytes
          « Reply #4 on: November 04, 2013, 09:29:23 PM »
          JRT scan:

          Junkware Removal Tool (JRT) by Thisisu
          Version: 6.0.7 (10.15.2013:3)
          OS: Windows 7 Home Premium x64
          Ran by Laurie Campbell on Mon 11/04/2013 at 20:17:55.95
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




          ~~~ Services

          Successfully stopped: [Service] update qualitink
          Successfully deleted: [Service] update qualitink



          ~~~ Registry Values

          Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
          Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
          Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



          ~~~ Registry Keys

          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\hdvid codec v1
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1195460077-3848075135-1991403428-1000\Software\SweetIM
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9248e009-7b73-40b3-93a8-911fbbadb61e}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9248e009-7b73-40b3-93a8-911fbbadb61e}



          ~~~ Files



          ~~~ Folders

          Failed to delete: [Folder] "C:\Program Files (x86)\qualitink"
          Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"



          ~~~ FireFox

          Successfully deleted: [File] C:\Users\Laurie Campbell\AppData\Roaming\mozilla\firefox\profiles\5w947b8b.default\extensions\[email protected]
          Successfully deleted the following from C:\Users\Laurie Campbell\AppData\Roaming\mozilla\firefox\profiles\5w947b8b.default\prefs.js

          user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=US&userid=e74dc6aa-f378-64bf-1fe6-1c79e5bafb0b&searchtype=ds&installDate={installDate}&q=
          user_pref("toparcadehits.settings.addon_data", "hxxp://tt.toparcadehits.com/cmn?p=YTI3Njc3OTcyNjcOtMOOWV9InwtEzncwCoeO2L4OJP23l5Yt4qhxqa1eZfaiYxWHZvMbLnIo79o7Zob5qHDq4v2UgxVcE
          Emptied folder: C:\Users\Laurie Campbell\AppData\Roaming\mozilla\firefox\profiles\5w947b8b.default\minidumps [61 files]



          ~~~ Chrome

          Successfully deleted: [Folder] C:\Users\Laurie Campbell\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



          ~~~ Event Viewer Logs were cleared





          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Mon 11/04/2013 at 20:23:07.95
          End of JRT log

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Cannot get rid of this using Malwarebytes
          « Reply #5 on: November 05, 2013, 12:53:28 PM »
          You will need to run MBAM again and follow the instructions. Make sure that all infections are checked and select "Remove Selected".
          Please let me know if you're still getting those unsolicited sites popping up after running MBAM and cleaning those infections.


          Remove the Adware:
          • Please close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Delete.
          • Confirm each time with OK
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
          ****************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          Windows 8 and Windows 10 dual boot with two SSD's

          Hugo1446

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Windows 7
            Re: Cannot get rid of this using Malwarebytes
            « Reply #6 on: November 05, 2013, 06:52:49 PM »
            Hi Super Dave,

            You are super! Thank you!

            Java updated as recommended.

            Followed your instructions to the letter.

            I don't know if the infection(s) are all gone, but I keep scanning with MBAM and so far it "looks" good.  No more redirects.  System appears to be back to normal, however, I will be vigilant because I understand that the infection can be lurking.

            Do I just keep updating MBAM and scanning every day?

            :) Laurie

            Malwarebytes Anti-Malware (PRO) 1.75.0.1300
            www.malwarebytes.org

            Database version: v2013.11.05.06

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 10.0.9200.16721
            Laurie Campbell :: LAURIE-PC [administrator]

            Protection: Enabled

            11/5/2013 5:40:24 PM
            mbam-log-2013-11-05 (17-40-24).txt

            Scan type: Quick scan
            Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
            Scan options disabled: P2P
            Objects scanned: 233010
            Time elapsed: 2 minute(s), 7 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 0
            (No malicious items detected)

            (end)

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Cannot get rid of this using Malwarebytes
            « Reply #7 on: November 06, 2013, 05:24:08 PM »
            Quote
            Do I just keep updating MBAM and scanning every day?
            Once a week should suffice.

            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan

            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

            Hugo1446

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Windows 7
              Re: Cannot get rid of this using Malwarebytes
              « Reply #8 on: November 08, 2013, 11:28:52 AM »
              Hi Dave,

              I believe I reinfected my computer or I never got rid of the original source. The infection seems to be the same Registry Key.

               It appeared that everything was all clear, even after scanning with ESET. 

              I tried downloading a program for screen capture and my browsers were redirected.  I believe I have learned my lesson.

              I will start the process by doing all steps in order, unless you advise otherwise. 

              Thank you so much.  :) Laurie

              Hugo1446

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Windows 7
                Re: Cannot get rid of this using Malwarebytes
                « Reply #9 on: November 08, 2013, 02:18:35 PM »
                Here are the results of the scans that were done sequentially as advised. 

                Any ideas would be most welcome!  Thank you so much.  :) Laurie

                AdwCleaner Log:

                # AdwCleaner v3.011 - Report created 08/11/2013 at 10:30:46
                # Updated 03/11/2013 by Xplode
                # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
                # Username : Laurie Campbell - LAURIE-PC
                # Running from : C:\Users\Laurie Campbell\Downloads\adwcleaner(2).exe
                # Option : Clean

                ***** [ Services ] *****


                ***** [ Files / Folders ] *****


                ***** [ Shortcuts ] *****


                ***** [ Registry ] *****


                ***** [ Browsers ] *****

                -\\ Internet Explorer v10.0.9200.16720


                -\\ Mozilla Firefox v25.0 (en-US)

                [ File : C:\Users\Laurie Campbell\AppData\Roaming\Mozilla\Firefox\Profiles\jwpkuyom.default-1383677479582\prefs.js ]


                -\\ Google Chrome v30.0.1599.101

                [ File : C:\Users\Laurie Campbell\AppData\Local\Google\Chrome\User Data\Default\preferences ]


                *************************

                AdwCleaner[R2].txt - [3704 octets] - [08/11/2013 09:50:18]
                AdwCleaner[R3].txt - [1076 octets] - [08/11/2013 10:30:20]
                AdwCleaner[S2].txt - [3484 octets] - [08/11/2013 09:51:18]
                AdwCleaner[S3].txt - [999 octets] - [08/11/2013 10:30:46]

                ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1058 octets] ##########

                MBAM Log:

                Malwarebytes Anti-Malware (PRO) 1.75.0.1300
                www.malwarebytes.org

                Database version: v2013.11.08.06

                Windows 7 Service Pack 1 x64 NTFS
                Internet Explorer 10.0.9200.16721
                Laurie Campbell :: LAURIE-PC [administrator]

                Protection: Enabled

                11/8/2013 10:36:40 AM
                mbam-log-2013-11-08 (10-36-40).txt

                Scan type: Quick scan
                Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                Scan options disabled: P2P
                Objects scanned: 234807
                Time elapsed: 4 minute(s), 39 second(s)

                Memory Processes Detected: 0
                (No malicious items detected)

                Memory Modules Detected: 0
                (No malicious items detected)

                Registry Keys Detected: 1
                HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

                Registry Values Detected: 0
                (No malicious items detected)

                Registry Data Items Detected: 0
                (No malicious items detected)

                Folders Detected: 0
                (No malicious items detected)

                Files Detected: 0
                (No malicious items detected)

                (end)

                Security317 Log:

                Results of screen317's Security Check version 0.99.76 
                 Windows 7 Service Pack 1 x64 (UAC is enabled) 
                 Internet Explorer 10 
                ``````````````Antivirus/Firewall Check:``````````````
                 Windows Firewall Enabled! 
                COMODO Antivirus   
                 Antivirus up to date! 
                `````````Anti-malware/Other Utilities Check:`````````
                 Malwarebytes Anti-Malware version 1.75.0.1300 
                 Mozilla Firefox (25.0)
                 Google Chrome 30.0.1599.101 
                ````````Process Check: objlist.exe by Laurent````````
                 Malwarebytes Anti-Malware mbamservice.exe 
                 Malwarebytes Anti-Malware mbamgui.exe 
                 Comodo Firewall cmdagent.exe
                 Malwarebytes' Anti-Malware mbamscheduler.exe   
                `````````````````System Health check`````````````````
                 Total Fragmentation on Drive C: 0%
                ````````````````````End of Log``````````````````````
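
The observation in Reply #8 that the infection "seems to be the same Registry Key" can be checked by comparing the removal logs. The following is an added example, not part of the original thread or of any tool named in it: it parses excerpts of the JRT log from Reply #4 and the MBAM log from Reply #9, then lists items JRT reported as deleted that MBAM detects again, along with removals JRT reported as failed. The function names and regular expressions are assumptions based only on the log lines shown on this page.

```python
import re

# Excerpts copied from the logs posted in this thread: the JRT run of
# 11/04/2013 and the MBAM quick scan of 11/08/2013, trimmed to a few lines.
JRT_LOG = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\hdvid codec v1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9248e009-7b73-40b3-93a8-911fbbadb61e}

~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\qualitink"
Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"
"""

MBAM_LOG = r"""
Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)
"""

HIVES = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}
# Patterns inferred from the log lines on this page (assumption, not a spec).
JRT_LINE = re.compile(r"^(Successfully \w+|Failed to \w+): \[([^\]]+)\] (.+)$")
MBAM_LINE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")


def normalize(path):
    """Abbreviate the hive name and fold case so both tools' paths compare equal."""
    path = path.strip().strip('"')
    hive, sep, rest = path.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return (hive + sep + rest).lower()


def parse_jrt(text):
    """Return (status, kind, target) for every action line in a JRT log."""
    matches = (JRT_LINE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def parse_mbam(text):
    """Return (item, detection, action) for every detection line in an MBAM log."""
    matches = (MBAM_LINE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def recurring(jrt_text, mbam_text):
    """Items the earlier JRT run reported deleted that the later MBAM scan detects again."""
    removed = {normalize(target) for status, _, target in parse_jrt(jrt_text)
               if status == "Successfully deleted"}
    return [(normalize(item), detection)
            for item, detection, _ in parse_mbam(mbam_text)
            if normalize(item) in removed]


def incomplete(jrt_text):
    """Targets JRT reported it could not remove."""
    return [target.strip('"') for status, _, target in parse_jrt(jrt_text)
            if status.startswith("Failed")]


if __name__ == "__main__":
    for key, detection in recurring(JRT_LOG, MBAM_LOG):
        print("came back after removal:", key, "->", detection)
    for target in incomplete(JRT_LOG):
        print("removal failed earlier: ", target)
```

A key that returns after a reported deletion was written again by something, either a component that survived the cleanup or a fresh install; the failed-removal list shows what the earlier run left behind.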

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Cannot get rid of this using Malwarebytes
                « Reply #10 on: November 08, 2013, 06:51:56 PM »
                Ok, please run ESET again and post the log.