Author Topic: viruses being detected  (Read 5426 times)

REDACTED

  • Guest
viruses being detected
« on: February 27, 2015, 05:32:56 PM »
Been using avast! for about a week now since my computer was running really slow, and ever since I installed it and let it run the scanners there's one that it can't seem to get rid of. It's basically from Chrome every time and different sites such as "theparenttrace", "files2share" etc. etc. etc. I get at least 20 while on the computer for around 10 minutes, sometimes without even opening Chrome itself...

I tried using Malwarebytes Anti-Malware to scan but it gets stuck about 3/4 of the way through, and I've left it to finish for about 3 hours and nothing, still says scanning... Shall I leave it running overnight? Any help would be appreciated! Thanks in advance.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: viruses being detected
« Reply #1 on: February 27, 2015, 06:41:59 PM »
Hi, let's see what you have... Could you attach a screenshot of the Avast popup?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select Additions at the bottom.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

THEN

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

REDACTED

  • Guest
Re: viruses being detected
« Reply #2 on: February 27, 2015, 10:47:00 PM »
It wouldn't properly scan with aswMBR, it's stopped scanning for 20 minutes at this.



It does the same with avast. I think it's something in Google Chrome but I can't see anything when I go to apps/extensions. They must be hidden. I attached the other files if they're any use to you.

Offline essexboy

Re: viruses being detected
« Reply #3 on: February 27, 2015, 11:04:00 PM »
OK, the first thing you must do is uninstall Chrome; you can re-install once we have finished.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:63333;https=127.0.0.1:63333
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421652496&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421652392&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421652496&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421652392&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=GB&userid=14813b27-3259-2be0-0f19-6d09aa89fd28&searchtype=ds&q={searchTerms}&installDate=16/11/2013
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421652392&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2190921567-3002956030-1035014947-1000 -> {099A4A17-E294-40F7-A3BC-8CFA58599E1F} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88&ts=1421652541&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2190921567-3002956030-1035014947-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88&ts=1421652541&type=default&q={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1421652392&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88
CHR HomePage: Default -> hxxp://uk.ask.com/?o=15434&l=dis
CHR StartupUrls: Default -> "", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421652392&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421652496&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Users\Stu\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Stu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (YouTube) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-07]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-10-07]
CHR Extension: (Google Search) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-07]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-02-23]
CHR Extension: (AdBlock) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-07]
CHR Extension: (Bookmark Manager) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]
CHR Extension: (Gmail) - C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-07]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23]
S2 fdfcd97f; c:\Program Files (x86)\UpgradeLeader\UpgradeLeader.dll [1556992 2015-02-08] () [File not signed]
2015-02-10 07:04 - 2015-02-10 07:04 - 00000000 _____ () C:\Windows\SysWOW64\sho3091.tmp
2015-02-08 23:53 - 2015-02-08 23:55 - 00000000 ____D () C:\Program Files (x86)\SuaaveirPro
2015-02-08 23:27 - 2015-02-08 23:39 - 00000000 ____D () C:\Program Files (x86)\saVinshaope
2015-02-08 23:27 - 2015-02-08 23:39 - 00000000 ____D () C:\Program Files (x86)\saveribox
2015-02-08 23:26 - 2015-02-23 02:37 - 00000000 ____D () C:\Program Files (x86)\SmarttCoMparEE
2015-02-08 23:25 - 2015-02-08 23:53 - 00000000 ____D () C:\ProgramData\17328935941484846146
2015-02-08 23:24 - 2015-02-23 02:37 - 00000000 ____D () C:\Program Files (x86)\APptoU
2015-02-08 15:24 - 2015-02-08 15:24 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-02-08 15:03 - 2015-02-08 15:03 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-02-08 15:03 - 2015-01-19 07:33 - 00000000 ____D () C:\ProgramData\8915822200006085
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\Stu\AppData\Roaming\KWETHZ
Task: {1F021751-EE67-4CCF-B56D-6F84D6243949} - System32\Tasks\{A8C14615-6471-4CCE-AB07-54A72DB99AF4} => pcalua.exe -a C:\Users\Stu\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {4545BD3D-00B5-4787-A88B-5AB9F828C357} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {565361CD-0CEC-4654-9E4D-D9A9C3F828F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {8E764BC1-7F90-409C-9132-5DE356C73551} - System32\Tasks\{7C7F113E-90E0-4ECA-9E43-FAE8AD77BA25} => pcalua.exe -a C:\Users\Stu\Downloads\sp42222.exe -d C:\Users\Stu\Downloads
Task: {C30FCCD7-2BDF-4738-8FB5-E768E4C10B97} - System32\Tasks\{D76A49F9-4721-4471-B2A0-A037D849E64C} => pcalua.exe -a "C:\Users\Stu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH0OWARW\sp57965.exe" -d C:\Users\Stu\Desktop
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Stu\jagex_cl_runescape_LIVE.dat
C:\Users\Stu\random.dat
C:\Program Files (x86)\Google\Chrome
C:\Users\Stu\AppData\Local\Google\Chrome
c:\Program Files (x86)\UpgradeLeader
C:\Users\Stu\AppData\Roaming\omiga-plus
C:\Program Files (x86)\MyPC Backup
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
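
A triage pass over FRST-style log lines like those in the fixlist above, as an added example that is not part of the original thread and not code from FRST. The rule set, the `EXPECTED_HOSTS` allowlist and the function names are assumptions chosen for illustration; the sample lines are copied from the quote box.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the fixlist quoted in the thread above.
SAMPLE = r'''ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:63333;https=127.0.0.1:63333
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421652496&from=tugs&uid=WDCXWD5000BPVT-60HXZT3_WD-WX81E71NRW88NRW88
CHR HomePage: Default -> hxxp://uk.ask.com/?o=15434&l=dis
CHR DefaultSearchKeyword: Default -> google.co.uk
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
S2 fdfcd97f; c:\Program Files (x86)\UpgradeLeader\UpgradeLeader.dll [1556992 2015-02-08] () [File not signed]
Task: {4545BD3D-00B5-4787-A88B-5AB9F828C357} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {565361CD-0CEC-4654-9E4D-D9A9C3F828F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {8E764BC1-7F90-409C-9132-5DE356C73551} - System32\Tasks\{7C7F113E-90E0-4ECA-9E43-FAE8AD77BA25} => pcalua.exe -a C:\Users\Stu\Downloads\sp42222.exe -d C:\Users\Stu\Downloads
'''.splitlines()

URL_RE = re.compile(r'\bh(?:tt|xx)ps?://[^\s"]+', re.I)   # also matches defanged hxxp://
PROXY_RE = re.compile(r'(?:^|[=;\s])([^\s;=:]+):(\d+)')    # host:port pairs in a proxy value
# Unquoted paths containing spaces are cut at the first space; good enough for triage.
PCALUA_RE = re.compile(r'pcalua\.exe\s+-a\s+("[^"]+"|\S+)', re.I)
ATTENTION_RE = re.compile(r'<=+ ATTENTION')
BROWSER_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL",
                "SearchScopes:", "StartMenuInternet:", "CHR HomePage:", "CHR StartupUrls:")
LOOPBACK = {"127.0.0.1", "localhost"}
# Assumption: hosts the analyst accepts as browser defaults; adjust per environment.
EXPECTED_HOSTS = ("google.com", "google.co.uk", "bing.com", "microsoft.com")


def url_hosts(line):
    """Return the lower-cased hostnames of every http/hxxp URL on the line."""
    hosts = []
    for match in URL_RE.finditer(line):
        url = re.sub(r'^hxxp', 'http', match.group(0), flags=re.I)
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL: skip rather than abort the run
            continue
        if host:
            hosts.append(host.lower())
    return hosts


def is_expected(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(lines):
    """Return (category, detail, line) tuples for lines an analyst should review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ProxyServer:"):
            value = line.split("=>", 1)[-1]
            for host, port in sorted(set(PROXY_RE.findall(value))):
                if host.lower() in LOOPBACK:
                    # Browser traffic is being handed to a process on this machine.
                    findings.append(("proxy", f"loopback proxy {host}:{port}", line))
        if any(key in line for key in BROWSER_KEYS):
            for host in url_hosts(line):
                if not is_expected(host):
                    findings.append(("browser", f"start/search URL points to {host}", line))
        if line.startswith("Task:") and "=>" in line:
            hit = PCALUA_RE.search(line.split("=>", 1)[1])
            if hit:
                # pcalua.exe -a starts the named program, hiding it from a quick look.
                target = hit.group(1).strip('"')
                findings.append(("task", f"launched via pcalua.exe: {target}", line))
        if ATTENTION_RE.search(line):
            findings.append(("flagged", "marked ATTENTION in the log", line))
        if "[File not signed]" in line:
            findings.append(("unsigned", "service binary is not signed", line))
        if re.search(r'->\s+No File$', line):
            findings.append(("orphan", "registry entry whose file is missing", line))
    return findings


if __name__ == "__main__":
    for category, detail, _ in triage(SAMPLE):
        print(f"{category:9} {detail}")
```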

REDACTED

  • Guest
Re: viruses being detected
« Reply #4 on: February 28, 2015, 01:17:26 AM »
Quote
# AdwCleaner v4.111 - Logfile created 28/02/2015 at 00:06:27
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Stu - STU-HP
# Running from : C:\Users\Stu\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\yuna software
Folder Deleted : C:\Users\Stu\AppData\Local\Conduit
Folder Deleted : C:\Users\Stu\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Stu\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Stu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stu\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Stu\AppData\Roaming\OpenCandy
File Deleted : C:\END
File Deleted : C:\Users\Guest\Desktop\FastPlayer.lnk
File Deleted : C:\Users\Mcx1-STU-HP\Desktop\FastPlayer.lnk

***** [ Scheduled tasks ] *****

Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2190921567-3002956030-1035014947-1000

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fdfcd97f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\yuna software
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : [x64] HKLM\SOFTWARE\yuna software
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [6326 bytes] - [28/02/2015 00:01:39]
AdwCleaner[S0].txt - [5740 bytes] - [28/02/2015 00:06:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5799  bytes] ##########

REDACTED

  • Guest
Re: viruses being detected
« Reply #5 on: February 28, 2015, 01:18:24 AM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Stu at 2015-02-27 23:44:16 Run:2
Running from C:\Users\Stu\Desktop
Loaded Profiles: Stu (Available profiles: Stu & Mcx1-STU-HP & Guest)
Boot Mode: Normal
==============================================

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-2190921567-3002956030-1035014947-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{099A4A17-E294-40F7-A3BC-8CFA58599E1F} => Key not found.
HKCR\CLSID\{099A4A17-E294-40F7-A3BC-8CFA58599E1F} => Key not found.
HKU\S-1-5-21-2190921567-3002956030-1035014947-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => Key not found.
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => Key not found.
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSuggestURL not detected.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll not found.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File not found.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll not found.
C:\Users\Stu\AppData\Roaming\Mozilla\plugins\np-mswmp.dll not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
C:\Users\Stu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll not found.
CHR Profile: C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
C:\Users\Stu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aepeildmfnnehghlknddebgjghlompfe => Key not found.
"C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => Key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
fdfcd97f => Service not found.
"C:\Windows\SysWOW64\sho3091.tmp" => File/Directory not found.
"C:\Program Files (x86)\SuaaveirPro" => File/Directory not found.
"C:\Program Files (x86)\saVinshaope" => File/Directory not found.
"C:\Program Files (x86)\saveribox" => File/Directory not found.
"C:\Program Files (x86)\SmarttCoMparEE" => File/Directory not found.
"C:\ProgramData\17328935941484846146" => File/Directory not found.
"C:\Program Files (x86)\APptoU" => File/Directory not found.
"C:\ProgramData\WildWestCoupon" => File/Directory not found.
"C:\Program Files (x86)\UpgradeLeader" => File/Directory not found.
"C:\ProgramData\8915822200006085" => File/Directory not found.
"C:\Users\Stu\AppData\Roaming\KWETHZ" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F021751-EE67-4CCF-B56D-6F84D6243949} => Key not found.
C:\Windows\System32\Tasks\{A8C14615-6471-4CCE-AB07-54A72DB99AF4} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A8C14615-6471-4CCE-AB07-54A72DB99AF4} => Key not found.

REDACTED

  • Guest
Re: viruses being detected
« Reply #6 on: February 28, 2015, 01:18:37 AM »
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4545BD3D-00B5-4787-A88B-5AB9F828C357} => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{565361CD-0CEC-4654-9E4D-D9A9C3F828F2} => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E764BC1-7F90-409C-9132-5DE356C73551} => Key not found.
C:\Windows\System32\Tasks\{7C7F113E-90E0-4ECA-9E43-FAE8AD77BA25} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C7F113E-90E0-4ECA-9E43-FAE8AD77BA25} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C30FCCD7-2BDF-4738-8FB5-E768E4C10B97} => Key not found.
C:\Windows\System32\Tasks\{D76A49F9-4721-4471-B2A0-A037D849E64C} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D76A49F9-4721-4471-B2A0-A037D849E64C} => Key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
"C:\Users\Stu\jagex_cl_runescape_LIVE.dat" => File/Directory not found.
"C:\Users\Stu\random.dat" => File/Directory not found.
"C:\Program Files (x86)\Google\Chrome" => File/Directory not found.
"C:\Users\Stu\AppData\Local\Google\Chrome" => File/Directory not found.
"c:\Program Files (x86)\UpgradeLeader" => File/Directory not found.
"C:\Users\Stu\AppData\Roaming\omiga-plus" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 515 KB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-27 23:52:04)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 23:52:04 ====

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: viruses being detected
« Reply #7 on: February 28, 2015, 01:29:42 AM »
Lol archangel89 :)

Please attach the logs, as you did in reply #2 ;)

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline essexboy

Re: viruses being detected
« Reply #8 on: February 28, 2015, 11:41:38 AM »
Could you now re-install Chrome and let me know if all is well?

REDACTED

  • Guest
Re: viruses being detected
« Reply #9 on: February 28, 2015, 07:43:51 PM »
Sorry Rednose I totally forgot! lol

essex, it seems to have stopped, but it's taking longer to restart the laptop, and when it comes on it tells me catalyst control panel stopped working? I'm unsure if that's important or not?

Offline essexboy

Re: viruses being detected
« Reply #10 on: February 28, 2015, 07:50:28 PM »
That is part of your video card and can be disabled unless you do very intensive graphics work

Turn off CCC in MSconfig then reboot