jeremyorme

  1. I don't see the adware in the browsers anymore. Thanks for your help!
  2. Sorry for the delayed reply! Here is the fix log:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
     Ran by Jeremy (2016-07-06 09:10:18) Run:3
     Running from C:\Users\Jeremy\Desktop
     Loaded Profiles: Jeremy (Available Profiles: UpdatusUser & Jeremy & Classic .NET AppPool & ASP.NET V4.0 Integrated & DefaultAppPool)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
     2016-06-13 15:13 - 2016-06-13 15:13 - 00142495 _____ C:\WINDOWS\33cccbee74c2e06a472ff8ccc8ca29c6.exe
     2016-06-13 15:13 - 2016-06-13 15:13 - 00079944 _____ C:\WINDOWS\system32\Drivers\76c57b794e6c8656618f09e27daee20d.sys
     AlternateDataStreams: C:\Users\Jeremy\Downloads\esetonlinescanner_enu (1).exe:BDU [0]
     AlternateDataStreams: C:\Users\Jeremy\Downloads\WcInstaller.exe:BDU [0]
     IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
     IE trusted site: HKU\S-1-5-21-665035586-3844912205-1700048427-1001\...\webcompanion.com -> hxxp://webcompanion.com
     CMD: ipconfig /flushdns
     Reboot:
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
     C:\WINDOWS\33cccbee74c2e06a472ff8ccc8ca29c6.exe => moved successfully
     C:\WINDOWS\system32\Drivers\76c57b794e6c8656618f09e27daee20d.sys => moved successfully
     C:\Users\Jeremy\Downloads\esetonlinescanner_enu (1).exe => ":BDU" ADS removed successfully.
     C:\Users\Jeremy\Downloads\WcInstaller.exe => ":BDU" ADS removed successfully.
     "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
     "HKU\S-1-5-21-665035586-3844912205-1700048427-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully

     ========= ipconfig /flushdns =========

     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     The system needed a reboot.

     ==== End of Fixlog 09:10:21 ====
  3. AdwCleaner log file:

     Addition.txt FRST.txt Shortcut.txt
  4. There is still some adware, although it's less frequent than before. Here is Fixlog.txt:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
     Ran by Jeremy (2016-06-23 17:28:04) Run:2
     Running from C:\Users\Jeremy\Desktop
     Loaded Profiles: Jeremy (Available Profiles: UpdatusUser & Jeremy & Classic .NET AppPool & ASP.NET V4.0 Integrated & DefaultAppPool)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     C:\Program Files\030e03feb5f74bf3348e770c6260cc20
     Reboot:
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     C:\Program Files\030e03feb5f74bf3348e770c6260cc20 => moved successfully

     The system needed a reboot.

     ==== End of Fixlog 17:28:07 ====
  5. Fixlog.txt:
  6. The AdwCleaner report:

     List of found threats:
     C:\AdwCleaner\FileQuarantine\C\Program Files\Caster\wizzcaster.exe.vir a variant of MSIL/Adware.CsdiMonetize.B application
     C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\232BBA00-1466249747-81E1-22A2-10BF482F6BC6\Uninstall.exe.vir Win32/Adware.ConvertAd.AEY application
     C:\AdwCleaner\FileQuarantine\C\Users\Jeremy\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
     C:\AdwCleaner\FileQuarantine\C\Users\Jeremy\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe.vir Win32/BubbleDock.C potentially unwanted application
     C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
     C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application

     Addition.txt FRST.txt
  7. Thanks CeciliaB! Here is the log output:
  8. Hi, my browsers are all jumping to dubious pages. I have tried resetting them and it fixes the problem for a few minutes then it comes back again. I have run the full scan from adaware pro and it found a bunch of things but removing them hasn't helped this problem.

     Thanks,
     Jeremy

     FRST.txt Addition.txt